Newsletter Sign-Up

Receive the latest technology news and information.

Windows WMF flaw: How to protect against attacks

There is no vendor-sanctioned fix yet for the Windows Metafile vulnerability

By Sharon Machlis

January 2, 2006 12:00 PM ET

Computerworld - With Microsoft promising a security update "upon completion of [an] investigation" of the WMF security flaw, there's currently no vendor-sanctioned fix for the Windows Metafile vulnerability (see "Risk of Windows WMF attacks jumps 'significantly,' security firm warns").
However, there are ways to protect your system and network from potential attack.

"If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems," according to Microsoft. If not, there are several other defense strategies, including the following:

Unregister the Windows shimgvw.dll file. The command regsvr32 -u %windir%\system32\shimgvw.dll at the command-line prompt should do this on an individual system. "This workaround is better than just trying to filter files with a WMF extension," according to security firm F-Secure Corp., since some malicious WMF files are being disguised with other file extensions.

Ilfak Guilfanov, "the main author of Interactive Disassembler Pro and ... arguably one of the best low-level Windows experts in the world," F-Secure says, has posted a temporary fix at hexblog.com. Security firm iDefense Inc. says it tested the patch and verified that it's effective and doesn't seem to include malicious code. But it notes that the patch "is still from an independent source and not the actual vendor, and should be treated as such." SANS Institute also says that it has "reverse engineered, reviewed and vetted" the fix. Guilfanov recommends uninstalling his work-around once Microsoft issues an official fix.

"Configure Internet Explorer to a HIGH security level," iDefense suggests in a listing of several protection strategies.

Block several IP addresses that have been associated with malicious activity in the past, according to Johannes Ullrich at SANS. Details are posted on the SANS Internet Storm Center diary.

"WMF exploitation has rapidly become a major threat, especially as the work week resumes after a long holiday weekend," iDefense spokesman Ken Dunham said in an e-mail advisory. "The situation is rapidly escalating now with hundreds of hostile sites purported, dozens confirmed, and more from public and private data shared to date. ...Traditionally, any rapid exploitation on a widespread basis within seven days or less has led to a major meta-event."

The following resources provide more information on the WMF vulnerability:

F-Secure's blog

Hexblog

Steve Gibson's explainer of the fix on Hexblog

SANS Internet Storm Center diary

Microsoft's initial security advisory

For additional Computerworld coverage, see

"WMF flaw can't wait for Microsoft fix, researchers say"

"Risk of Windows WMF attacks jumps 'significantly,' security firm warns"

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Viruses

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

White Papers & Webcasts

Share our Strength
Download Now

Key Strategies for Managing Data Growth
What are you storage challenges?

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!

Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!

Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!

Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!

Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

	Security
	Virus and Vulnerability Roundup
	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10
	Cloud Computing

resource center

Newsletter Sign-Up

Windows WMF flaw: How to protect against attacks

There is no vendor-sanctioned fix yet for the Windows Metafile vulnerability

Viruses

Additional Resources

White Papers & Webcasts

Computerworld Reports

White Papers

Sponsored Links