New Windows Vulnerability - Info
January 4, 2006

Time: January 4, 2006
Location:
Audience: Campus
Category:
Attendance: none
Description

Vulnerability
The vulnerability allows code to be executed on a computer when a particular type of graphic file (WMF files) is viewed. This makes it possible for computers to become infected (with viruses, spyware or malware) simply by VIEWING infected web sites or viewing graphic attachments in email or chat. No clicking or opening is required. This is a very serious vulnerability, considering that many students, faculty and staff use their computers for online banking and purchasing, and have huge amounts of private or corporate information on their systems.

All versions of Windows are susceptible to this vulnerability. Macintosh machines are safe. Score one for the Macs!

Patches
Microsoft has announced that it will patch this vulnerability on January 10th. A beta version of this patch is available, but it would be hard for us to recommend it as a fix for users, as it is unclear how it will work in the long term with official patches and updates from Microsoft. It is also unclear whether Microsoft will offer a patch for Windows 98 machines, as their official support for 98 stopped at the end of December. Stay tuned.

Temporary Fix
There is a temporary fix that has been recommended by Technology Services (and many others) and sent out via email (to tech-announce from Bruce). This temporary fix un-registers the dll required to view the WMF files.
Run at a command prompt:
regsvr32 /u shimgvw.dll
Available on the web at:
<http://www.gustavus.edu/wmf/wmfFix1.bat>

There are some consequences to un-registering the dll. The nice Windows XP picture viewing options, like thumbnails and view as slide show, don't work. Users can use other applications to view their image files (IE, Microsoft Photo Editor and Paint, to name a few): right-click the file, select Open With and select the application.

We don't recommend re-registering the dll, as suggested by someone last night, as this negates the fix, making the machine again vulnerable to the original problem. The command to re-register the dll is:
regsvr32 shimgvw.dll

As always we continue to recommend:
Updated virus definitions
Firefox for web browsing
Not opening any "unknown" graphic files, web links or attachments in email or chat

For now:
Using the temporary fix
Browsing only "known" websites

Contact: Tami Aune