- WMF Exploit patch
- John Hyde
January 2, 2006, 7:34 pm
NIST website? Does it do anything worth trying?
Linked from their article on :
Closest link I think is:
The page says that you still need to unregister shimgvw.dll. Naturally,
what is really needed is the ability to get back to business as usual.
(I've been amazed at how many things apparently use shimgvw for image
Thanks for thoughts
Re: WMF Exploit patch
routines in the vulnerable shimgvw.dll file. It completely mitigates
any threat from this vulnerability. No need to run Microsoft suggested
unregister command but it doesn't hurt to do so (belt and suspenders is
what SANS called it).
My only problem with this fix is it's not very enterprise friendly. It
requires installation on every machine through non-automated processes
(yes, you can automate an install yourself) and should be uninstalled
after Microsoft releases their fix.
The latest exploit kits allow creation of WMF files with varying
signatures. This was intended to make detection by IDS/IPS and
antivirus programs much harder or impossible. So this unofficial hotfix
may be all we have at the moment.
You can read more at http://www.NIST.org
Check back often for updates or subscribe to the NIST.org RSS feed.
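
The reply above notes that WMF files with varying byte signatures defeat IDS/IPS and antivirus matching. The following is an added example, not part of the thread or of the hotfix it discusses: a scanner that walks the WMF record list and flags Escape records carrying the SETABORTPROC function, so the result does not depend on the surrounding bytes. The record constants come from the published WMF format rather than from the thread, and the sample files are constructed with inert data.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header
META_ESCAPE = 0x0626          # record function: Escape
SETABORTPROC = 0x0009         # escape function: register an abort callback
META_EOF = 0x0000

def find_setabortproc(data: bytes) -> list:
    """Walk the WMF record list; return offsets of Escape/SETABORTPROC records."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("too short for a WMF header")
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if func == META_EOF or size_words < 3:  # end marker or malformed size
            break
        if func == META_ESCAPE and off + 8 <= len(data):
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                hits.append(off)
        off += size_words * 2  # record size is counted in 16-bit words
    return hits

def record(func: int, params: bytes = b"") -> bytes:
    """Constructed-sample helper: one record (size in words, function, params)."""
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_wmf(records: list, placeable: bool = False) -> bytes:
    """Constructed-sample helper: header + records + EOF record."""
    body = b"".join(records) + record(META_EOF)
    biggest = max(len(r) for r in records + [record(META_EOF)]) // 2
    hdr = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, biggest, 0)
    # Placeable checksum left at 0: this scanner does not validate it.
    pre = struct.pack("<IH4hHIH", PLACEABLE_MAGIC, 0, 0, 0, 100, 100, 1440, 0, 0)
    return (pre if placeable else b"") + hdr + body

# Constructed samples; the escape data is four zero bytes, not a payload.
ESC = record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\0" * 4)
SAMPLE_A = build_wmf([ESC])
SAMPLE_B = build_wmf([record(0x0103, b"\x08\x00"), ESC], placeable=True)
BENIGN = build_wmf([record(0x0103, b"\x08\x00")])  # SetMapMode only
NAIVE_SIG = SAMPLE_A[:32]  # fixed byte signature cut from one sample
```

`NAIVE_SIG` matches `SAMPLE_A` only, while `find_setabortproc` reports the record in both `SAMPLE_A` and `SAMPLE_B` and returns an empty list for `BENIGN`.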