Workaround for the critical WMF zero-day exploit



The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage…


There’s also a good deal over at The security fix. There is reported a workaround to immunize a system against the attack….

1. Click on the Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

They are now reporting the exploit on thousands of web sites installing bogus anti-spyware software (prompting for credit card information to clean up the infection.) It also installs a mail server and starts sending out SPAM.

Be cautious and hope for a fix from Microsoft SOON. Given that we’re in between Christmas and New Year’s web traffic seems to be higher, home machines may be getting hammered by this.

   Send article as PDF   

Similar Posts