Who Am I?

My name is John and I am a 27-year-old systems administrator. I do web design. I like backpacking. I use WordPress. On this site I talk mostly about the things I like. This is a site about me.

Things I Do...

I maintain several projects; when they are done, I usually replace them with other things to keep me busy. Currently I am working on taking WordPress Junkie live. Contact me if you would like to help.

Critical Windows Security Issue

Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user’s system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.

Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Temporary Workaround to Prevent Infection

  1. Log on as a user with full administrative rights.
  2. Click the Windows “Start” button and select “Run…”
  3. Enter the following string into the “Open” field:
    regsvr32 -u %windir%\system32\shimgvw.dll
  4. Click “OK” to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. There is no need to reboot, but you might want to anyway, just to be sure that any currently loaded instance is flushed out.

To eventually re-enable the “SHIMGVW.DLL” component:

  1. Log on as a user with full administrative rights.
  2. Click the Windows “Start” button and select “Run…”
  3. Enter the following string into the “Open” field:
    regsvr32 %windir%\system32\shimgvw.dll
  4. Click “OK” to re-register the (hopefully) non-vulnerable DLL.
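
To confirm which state a machine is in after either procedure, the following PowerShell check (an added example, not part of the original post or the Microsoft advisory) lists any COM classes whose in-process server is still shimgvw.dll. The function name and the registry roots searched are assumptions of this example: it assumes the DLL's registration shows up as an InprocServer32 default value under the machine-wide CLSID keys, which is where COM in-process servers are normally recorded.

```powershell
# Added example: report whether shimgvw.dll is still registered as a COM server.
# Assumption: registration appears as the default value of
#   <root>\{CLSID}\InprocServer32 under the machine-wide class roots below.
function Get-ShimgvwRegistration {
    param(
        [string]   $DllName = 'shimgvw.dll',
        [string[]] $ClsidRoots = @(
            'HKLM:\SOFTWARE\Classes\CLSID',
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'   # only exists on 64-bit Windows
        )
    )
    foreach ($root in $ClsidRoots) {
        # Missing roots are skipped silently.
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $sub = $_.OpenSubKey('InprocServer32')
            if ($sub) {
                # GetValue('') reads the key's default value (the server path).
                $server = [string]$sub.GetValue('')
                $sub.Close()
                if ($server -like "*$DllName") {
                    [pscustomobject]@{
                        Root   = $root
                        Clsid  = $_.PSChildName
                        Server = $server
                    }
                }
            }
        }
    }
}

$hits = @(Get-ShimgvwRegistration)
if ($hits.Count -eq 0) {
    Write-Output 'shimgvw.dll: no COM registration found (workaround is in effect)'
} else {
    Write-Output "shimgvw.dll: still registered under $($hits.Count) class(es)"
    $hits | Format-Table -AutoSize
}
```

The check only reads the registry, so it can be run from a non-elevated prompt; the regsvr32 commands themselves still need administrative rights.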

Additional reading and information:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000754
http://secunia.com/advisories/18255/
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
http://www.securityfocus.com/bid/16074/info
http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html
http://redxii.blogspot.com/2005/12/vulnerabilities-in-graphics-rendering.html
http://www.microsoft.com/technet/security/advisory/912840.mspx
