We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
WMF - IMPORTANT Warning for all Windows users!
Options
Comments
-
Just remember though that one Antivirus doesnt always pic up something that another AV does... so the list kinda becomes irrelevant after a short period of time as updates
will be sent out..... Just reminds me of the Spyware Wars.
This doesnt mean rush out and get two AVs on yer PC.0 -
Oh great fun! Someone has posted (on rapidshare) what purports to be the official Microsoft patch ...
So now we have the Microsoft advice, the unofficial patch, and a leaked official patch (maybe). Any more for any more?
SJB0 -
Errr does anyone not think installing an unofficial patch sounds a bit suspect?
And expecially an 'official' one from P2P.0 -
mr_fishbulb wrote:Errr does anyone not think installing an unofficial patch sounds a bit suspect?
And expecially an 'official' one from P2P.
Yes thats why I did the registry fix. :beer:0 -
mr_fishbulb wrote:Errr does anyone not think installing an unofficial patch sounds a bit suspect?
And expecially an 'official' one from P2P.
I wouldn't use the one from P2P
But a long list of the most respected anti-virus, and anti-spyware companies are recommending the unofficial patch.
The original page I linked to is actually the show notes for episode 20 of the Security Now Podcast where you can listen to more details of the vunerability.0 -
so if i disable this file(regsvr32 -u shimgvw.dll) i will be fine until ms patch is released?spanky xx
DFW weight watchers 28lbs to lose
lost so far 11.5 lbs0 -
spankymonkey wrote:so if i disable this file(regsvr32 -u shimgvw.dll) i will be fine until ms patch is released?
The GRC site lists that as
"Microsoft responded with an acknowledgement of the problem which included a very weak workaround (the shimgvw.dll unregistration) that provides very little protection. Theirs is not a cure, and it is not known how long the Windows user community will now be waiting for a true patch from Microsoft."
which is why a lot of major sites are suggesting the unofficial patch
BTW GRC is Steve Gibson's site - who came up with the word 'spyware' in the first place0 -
It was real Microsoft patch, but 'a pre-release version'. http://www.microsoft.com/technet/security/advisory/912840.mspx (in FAQ)I heard that Microsoft’s security update for the WMF issue has been posted on the Internet. What’s Microsoft’s response to these postings?
In our effort to put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site. There has been some discussion and pointers on subsequent sites to the pre-release security update. Microsoft recommends that customers disregard the postings.
We just have to wait for the new moon after the first Monday of the month, except when there's an 'r' in the month or it's a leap year ... the 10th of January, anyway.
SJB0 -
That isn't a real patch; it's merely switching off a component that is vulnerable.StephenB wrote:It was real Microsoft patch, but ...
The description 'workaround' doesn't apply either, as that seems to say that the fax-to-email services I subscribed to will not work for now.The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
The unofficial Russian patch is also recommended in the Windows Secrets newsletter, which also says that the Internet Storm Center has tested it
http://windowssecrets.com/comp/060104/The experts at the ISC, a division of the SANS Institute, say they've examined and tested the patch and found it to be safe and effective. That's as good a testimonial as we can expect for any software.
http://isc.sans.org/diary.php?storyid=994Will unregistering the DLL (without using the unofficial patch) protect me?
It might help. But it is not foolproof. We want to be very clear on this: we have some very stong indications that simply unregistering the shimgvw.dll isn't always successful. The .dll can be re-registered by malicious processes or other installations, and there may be issues where re-registering the .dll on a running system that has had an exploit run against it allowing the exploit to succeed. In addition it might be possible for there to be other avenues of attack against the Escape() function in gdi32.dll. Until there is a patch available from MS, we recommend using the unofficial patch in addition to un-registering shimgvw.dll.0 -
Ah, I fear we are talking at cross-purposes here Redux. My fault for trying to be brief.
The 'real' Microsoft patch I referred to was an .exe file that was posted on rapidshare.de (having escaped from 'a security community website', see http://www.microsoft.com/technet/security/advisory/912840.mspx). I think (apologies if I am wrong) that you are refrerring to the 'regsvr32 -u shimgvw.dll' workaround (Microsoft's description, not mine, I don't have a strong opinion).
Over and above the two items above, we have the patch that is referred to as the Russian patch or the Ilfak Guilfanov patch, but AIUI is now a collaboration between a couple of people, see http://isc.sans.org/diary.php?storyid=996 (if it ever loads).
SJB0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.2K Mortgages, Homes & Bills
- 177K Life & Family
- 257.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards