Free Republic

To: HAL9000

Someone else posted this fix from GRC:
There's also a third party fix but I'm leery about using it.

http://www.grc.com/sn/notes-020.htm


UNTIL THIS IS REPAIRED BY MICROSOFT, ANY ATTEMPT
TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD
INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

This is a so-called "0-day vulnerability" because exploits for the vulnerability appeared before any updates or patches were available.

Although NOT a complete solution, Microsoft has recommended temporarily disabling the automatic display of some images by the operating system and web browser. This can be done, as detailed below, by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A COMPLETE SOLUTION, but it significantly lowers the risk from this vulnerability from web surfing.

For Windows 2000, XP, 64-bit XP and 2003 server

The temporary patch described above is a FAR superior
solution. ONLY use the de-registration approach below if
you are unable to use Ilfak's temporary patch.

Do not open any "WMF" — Windows Metafiles — you receive by eMail, and reports are that other file types may also be dangerous.

Anti-virus companies have responded to this, so update your anti-virus signature files for updated protection.

You should IMMEDIATELY disable Windows' use of this
vulnerable DLL until patches from Microsoft are available.

Note that this WILL temporarily disable the "Thumbnail" view
in Windows Explorer and Windows' Image and FAX viewer. This is
by design, since these viewers are no longer safe to use until a
non-vulnerable file has been produced by Microsoft and installed.

To immediately disable the vulnerable Windows component:

1) Log on as a user with full administrative rights.

2) Click the Windows "Start" button and select "Run..."

3) Enter the following string into the "Open" field:

regsvr32 -u shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)

4) Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.


To eventually re-enable the "SHIMGVW.DLL" component:

1) Log on as a user with full administrative rights.

2) Click the Windows "Start" button and select "Run..."

3) Enter the following string into the "Open" field:

regsvr32 shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)
Same as the one above, but no "-u" for "uninstall".

4) Click "OK" to re-register the (hopefully) non-vulnerable DLL.


7 posted on 01/03/2006 11:49:47 AM PST by Lx (Do you like it, do you like it. Scott? I call it Mr. and Mrs. Tennerman chili.)
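The de-registration steps quoted in post 7, scripted so the result can be checked instead of relying on the confirmation prompt. This is an added example, not part of the original post or the GRC page. It assumes reg.exe and findstr.exe are available on the machine and that the DLL's COM registration shows up as values under HKCR\CLSID that name shimgvw.dll.

```batch
@echo off
rem Added example: apply the SHIMGVW.DLL de-registration silently and verify it.
rem Assumptions: reg.exe and findstr.exe are on the PATH, and the DLL's COM
rem registration appears as values under HKCR\CLSID that name shimgvw.dll.
setlocal

rem /u = unregister, /s = silent (no confirmation dialog). start /wait blocks
rem until regsvr32 exits, so ERRORLEVEL reflects its result.
start /wait regsvr32 /u /s shimgvw.dll
if errorlevel 1 (
    echo FAILED: regsvr32 returned an error. Run this as an administrator.
    exit /b 1
)

rem Verify: any value under HKCR\CLSID that still names the DLL means the
rem viewer can still be loaded through COM by Explorer or a browser.
reg query HKCR\CLSID /s 2>nul | findstr /i /c:"shimgvw.dll" >nul
if not errorlevel 1 (
    echo WARNING: shimgvw.dll is still referenced under HKCR\CLSID.
    exit /b 2
)

echo OK: shimgvw.dll is no longer registered on %COMPUTERNAME%.
exit /b 0
```

The exit codes (0 unregistered, 1 regsvr32 failed, 2 still referenced) let a logon script or remote-admin tool report which machines still need the workaround.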


To: Lx

I installed the patch from GRC's recommendation on my XP machines a few days ago, and unregistered the DLL on my W2K machines, and have had no problems thus far.

I tend to trust Gibson fairly well.


10 posted on 01/03/2006 12:04:32 PM PST by MarineBrat (Talk is cheap because supply exceeds demand.)

To: Lx

I used that temp patch yesterday, and it is now showing my pc has no apparent vulnerability.

Gibson (at GRC) is a very reliable source. He developed one of the early programs to 'set' hard drive parameters. He's an ancient sage -- in Internet years. lol.


11 posted on 01/03/2006 12:28:28 PM PST by TomGuy



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson