Author | Thread |
|
01/02/2006 11:07:00 PM · #26 |
Oh yeh I don't see thumbs either. I wondered why but now I know! :P
|
|
|
01/02/2006 11:09:49 PM · #27 |
Yipes! Thanks for the heads up on that info. I shall pass that link with the info to others offsite.
What a headache to deal with ..... |
|
|
01/02/2006 11:48:01 PM · #28 |
Originally posted by Konador: Oh yeh I don't see thumbs either. I wondered why but now I know! :P |
Yep, I also confirmed that disabling the DLL makes JPEG thumbs disappear. It only affects Windows explorer though, all other programs seem to show thumbs just fine.
I'm leaving it disabled until a patch is released, this one's got the potential to become a pandemic and I'd rather be safe than sorry.
|
|
|
01/02/2006 11:51:53 PM · #29 |
Any idea when a patch might be released? And will it be a Windows patch, or a Norton/other antivirus update?
I'm nervous and sorta' in the dark, so please bear with me...
|
|
|
01/02/2006 11:57:17 PM · #30 |
I'd guess that Microsoft will patch this in a hurry, it's a hole so big you could drive a truck through, but should be easy enough to plug.
|
|
|
01/03/2006 12:00:37 AM · #31 |
Thanks kirbic! I'm off to deactivate whatever it is until I hear about a patch.
When any of you get the patch, could you post here so we all know it's out? Thanks!
|
|
|
01/03/2006 12:07:53 AM · #32 |
Originally posted by kirbic: This exploit is even more dangerous than previously reported. It is NOT dependent on the browser you're using, and disabling viewing of WMFs is not adequate to prevent the exploit from succeeding. In fact, if someone creates a malicious WMF file called LOOKATME.WMF, then renames it to LOOKATME.JPG, Windows will still recognize it as a WMF file by its contents and interpret it as such, so the exploit still works! Now, you cannot just disable all JPEGs, so what CAN you do?
If you're running XP you don't need to deal with WMF files in the short term (or at all), you can disable the DLL that interprets them, defeating the exploit, no matter what the file name. To do so:
Start ==> Run, type regsvr32 /u shimgvw.dll and press Enter.
To reenable the DLL, after a patch becomes available:
Start ==> Run, type regsvr32 shimgvw.dll and press Enter. |
I just did what you said (thank you for the tip) but do I need to restart my computer? I still see jpg thumbnails. And what is a wmf file? sorry if I sound dumb on this...(running winxp) Is it a windows media file? such as video.
Message edited by author 2006-01-03 00:09:05. |
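Added example, not part of the original thread: a Python check that identifies a Windows Metafile by its header bytes instead of its name, which is how a renamed file like the LOOKATME.JPG described above can be spotted on disk. The header layout follows the published WMF format; the function names and sample bytes are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # optional "placeable" prefix; bytes D7 CD C6 9A on disk
PLACEABLE_LEN = 22          # size of that prefix in bytes
HEADER_LEN = 18             # size of the standard metafile header in bytes

def looks_like_wmf(data: bytes) -> bool:
    """Return True if the leading bytes parse as a Windows Metafile header."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]  # standard header follows the prefix
    if len(data) < HEADER_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header is 9 words; version 1.0 or 3.0.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(name: str, head: bytes) -> bool:
    """Flag WMF content hiding behind any extension other than .wmf."""
    return os.path.splitext(name)[1].lower() != ".wmf" and looks_like_wmf(head)

def scan(root: str) -> list:
    """Walk a directory tree and list files whose content is WMF but name is not."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(PLACEABLE_LEN + HEADER_LEN)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if disguised_wmf(fn, head):
                hits.append(path)
    return sorted(hits)

# Constructed sample headers (no drawing records, illustration only).
SAMPLE_WMF = struct.pack("<HHHIHIH", 2, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE_WMF = struct.pack(
    "<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 0, 0, 1440, 0, 0) + SAMPLE_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 20

if __name__ == "__main__":
    print(disguised_wmf("LOOKATME.JPG", SAMPLE_WMF))  # WMF bytes, JPG name
    print(disguised_wmf("photo.jpg", SAMPLE_JPEG))    # genuine JPEG signature
```

The check reads only the first 40 bytes of each file and does not validate the placeable checksum, so it is a triage filter for mismatched names, not a verdict on whether a file is malicious.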
|
|
01/03/2006 12:12:25 AM · #33 |
Originally posted by southern_exposure: I just did what you said (thank you for the tip) but do I need to restart my computer? I still see jpg thumbnails. And what is a wmf file? sorry if I sound dumb on this...(running winxp) Is it a windows media file? such as video. |
Yes, restart the computer. WMF = Windows Metafile, vector graphics... or clipart (to not get too technical). There are also WMA files, those are Windows Media Audio files ... music.
|
|
|
01/03/2006 12:28:13 AM · #34 |
Originally posted by fotomann_forever: Originally posted by southern_exposure: I just did what you said (thank you for the tip) but do I need to restart my computer? I still see jpg thumbnails. And what is a wmf file? sorry if I sound dumb on this...(running winxp) Is it a windows media file? such as video. |
Yes, restart the computer. WMF = Windows Metafile, vector graphics... or clipart (to not get too technical). There are also WMA files, those are Windows Media Audio files ... music. |
Thank you |
|
|
01/03/2006 03:58:31 AM · #35 |
//www.pcdoctor-guide.com/wordpress/?p=2068 has a lot of not-very-technical information, and a link to an unofficial patch. Microsoft's monthly patching cycle means that you'll have to wait at least a week for an official patch, and if they don't get it out by then, a month and a week.
Message edited by author 2006-01-03 04:15:16. |
|
|
01/03/2006 08:29:23 AM · #36 |
The following was posted in another forum I frequent....
------
Windows WMF Vulnerability News & Updates
Quick Background:
The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.
Word of this spread rapidly through the hacker community - many of whom were presumably on holiday vacation from school, bored, and looking for something to do.
So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.
Note that this is not a "new vulnerability" - it (and perhaps other similar bugs) have been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.
Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying an exploit.
Anti-Virus vendors quickly updated and began pushing out their A-V signature files. These have been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are having trouble keeping up.
Microsoft responded with an acknowledgement of the problem which included a very weak workaround (the shimgvw.dll unregistration) that provides very little protection. There is not a cure, and it is not known how long the Windows user community will now be waiting for a true patch from Microsoft.
Ilfak Guilfanov (see GREEN box below) produced a highly-effective true patch which successfully suppresses all known exploitable vulnerabilities for anyone using Windows 2000, XP, server 2003, or 64-bit XP. No patch is available for Windows 95, 98, ME or NT, and none is expected to be forthcoming. But anyone using Windows 2000, XP, server 2003, or 64-bit XP should IMMEDIATELY install Ilfak's exploit suppressor into all of their systems.
Continued.........
I can't endorse this as I know nothing about it other than an online acquaintance posted it. I'm going to try it and see what happens though. |
|
|
01/03/2006 09:14:48 AM · #37 |
Well, I've installed it. Here's hoping it works. |
|
|
01/03/2006 05:44:37 PM · #38 |
Originally posted by kirbic: I'm leaving it disabled until a patch is released, this one's got the potential to become a pandemic and I'd rather be safe than sorry. |
Would you remind the rest of us to reenable when you do? I have a feeling I will forget and then in several weeks I won't remember what's causing my thumbs not to show! :)
|
|
|
01/03/2006 05:57:29 PM · #39 |
Kirbic's "unregister the DLL" patch is good, but not complete as you can have another program on your PC properly reregister the DLL.
The "unofficial patch" seems to be what is being recommended by the business community in the face of delayed response from Microsoft.
Details here - //isc.sans.org/
Patch here - //handlers.sans.org/tliston/WMFHotfix-1.1.14.msi
Dave
|
|
|
01/03/2006 10:17:13 PM · #40 |
@Butterflysis and anyone else who suspects that they may forget about this little patch:
You might consider writing a brief note to yourself in a text file on the desktop. (right click on the desktop and go to NEW-->Text file)
Cut and paste either the link to this thread or make a few notes to yourself.
Then you won't forget about it forever. When you get the next critical update (probably at the end of January if MS is 'quick' about it - their 'quick' is a slightly more loose usage of the word), you will know exactly what to do.
Having been hit by it once, I am actually risking leaving the hole open. I am being very careful about what sites I visit though and I have installed the restricted websites add-on from IE-SPYAD as per this very useful and helpful link //www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
Of course, I don't recommend leaving vulnerabilities open to others. |
|
|
01/03/2006 10:31:41 PM · #41 |
Word I got today is Microsoft is supposed to have a patch available for us by the 10th. I'm not sure if it will be released to the public at the same time or not. Regardless, it looks to be at least next week before an official patch is released. Unless of course MS surprises us all and releases it ahead of time.
|
|
|
01/05/2006 05:10:38 PM · #42 |
It's available now via windows update...
|
|
|
01/05/2006 05:13:39 PM · #43 |
|
|
01/05/2006 06:02:39 PM · #44 |
|
|
01/05/2006 07:26:23 PM · #45 |
|
|
01/05/2006 08:51:27 PM · #46 |
Apparently Windows Picture and Fax Viewer must use this DLL because it doesn't work for me...no big deal really.
|
|
|
01/06/2006 12:50:10 AM · #47 |
Originally posted by jmsetzler: It's available now via windows update... |
I assume it's safe to reload the DLL once this patch has been installed....
|
|
|
01/06/2006 01:02:15 AM · #48 |
Originally posted by LoudDog: Originally posted by melodee: i just want to know what is the purpose of viruses anyway |
They keep IT security people gainfully employed |
So we can buy lots of camera stuff and pewters and xbox 360's. Woot.
Official Patch is up on MS Here.
ED: Guess I should read more... link posted below.
Message edited by author 2006-01-06 01:02:56. |
|