Windows Security Flaw Is 'Severe'

Washington Post ^ | December 30, 2005 | By Brian Krebs

[zeugma]

Some people use IE and Outlook?

Yeah. Some people don't know better. While at relatives the other week, I ended up installing Firefox and Thunderbird for them, and deleting every single outlook and IE icon I could find.

[LexBaird]

And what exactly is that supposed to mean? Are you impuning El Rushbo's sexual orientation?

It means he prefers to remain a masochistic MicroSerf, afraid to look at any attachment not verified by the Pope, and afraid to visit half the Web for fear that he'll have to spend the next week cleaning the crap off his zombie PC .... for the 937th time this year. All because he mistakes a tool for a lifestyle.

I'm on a Mac, and have been for over ten years. Anti-virus? None. Trojans? None. Viruses? Worms? None and none. Downtime from malware? None. Time dealing with security updates in the last year? Maybe 10 minutes, total.

I also maintain a design dept. LAN, with 5 Macs and one MS print server. In over eight years, there has never been a minute lost to downtime on any Mac due to malware. The MS server, OTOH, was used one afternoon by a "visitor" to browse the Net. In spite of a hardware router firewall and virus protection, in one day that box got 187 pieces of crap infecting it, that took at least 5 reboots before we got them removed. I wish I could just take Exploder off of the file server completely, but I don't have the time to figure out how without removing vital OS parts.

[The_Reader_David]

Ah, but the liberals hate him because he's rich. Those of on the right stand with Linus Torvalds in this regard: "I don't mind Bill Gates being rich. I mind Bill Gates having a lousy operating system."

[Havoc]

ROFL. This is great. Seems the only way anything coming from MS works as designed is if they stole it from someone else. Xerox and IBM should have awards for being the best at making MS crap work.

[octobersky]

But if you must turn off the preview pane.

[RunningWolf]

I don't use Outlook, but I went ahead and disabled Outlook as much as I could by deleting all the *.dll files.

If I completely remove Outlook, XP puts it back in

[derllak]

Go to command prompt and type
regsvr32 -u %windir%\system32\shimgvw.dll

This disables the offending dll. Then rename it so some other program doesn't reactivate it.
ren %windir%\system32\shimgvw.dll %windir%\system32\shimgvw.dll_bad

[Williams]

Sorry to have to ask this, but how exactly do I go to command prompt?

[Uri’el-2012]

So is there a fix yet?

./

Get Root !

[derllak]

It's getting worse... New IM Worm Exploiting WMF Vulnerability

[derllak]

So is there a fix yet?

There is an unofficial fix available for folks running XP. If you are running Win2K, you are out of luck until Microsoft releases something.

[Optimist]

Algore already invented a fix.

[derllak]

Here's an update to the unofficial fix posted above. The folks at sans.org have taken the patch apart and modified it to work on WIN2K systems.. It's running on my system with no apparent ill effects. I'll be patching the other computers in the house shortly.

You guys had better begin patching your own systems soon because this is HUGH and SERIES. ;)