#154298 - 2005-12-30 06:31 PM
WMF vulnerability - debating on whether to roll out work around with kix
|
ostech
Lurker
Registered: 2005-07-05
Posts: 4
|
This latest, currently patch less, vulnerability (Microsoft Security Advisory (912840)) looks like it has possibilities of wide spread infection once the predicted worm makes it out. Currently the only work around is to unregister a dll: regsvr32 -u %windir%\system32\shimgvw.dll
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
I am debating on whether to roll out this work around via the logon script and wanted to open it up for discussion...
|
Top
|
|
|
|
#154301 - 2005-12-30 07:46 PM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
ostech
Lurker
Registered: 2005-07-05
Posts: 4
|
From the MS FAQ: ** Is this issue related to Microsoft Security Bulletin MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) which was released in November?*
No, these are different and separate issues.
|
Top
|
|
|
|
#154303 - 2005-12-30 09:12 PM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
ostech
Lurker
Registered: 2005-07-05
Posts: 4
|
Yes, at this point am going to rely on our desktop and perimeter security defenses, blocking known exploit sites, and external web mail. Our help desk would get crushed next week if users could not pull up images and faxes. I am hoping MS comes out with a patch over the weekend so we can get it deployed with WUS and HFNetChkPro before the work week starts. I have a feeling next week this topic will be front page news as the unprotected broadband systems get hit.
Thanks for your responses and have a Happy New Year!
|
Top
|
|
|
|
#154304 - 2005-12-30 09:32 PM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4549
Loc: USA
|
Les,
It is actually in the wild... I've been running into this on home pcs for about 2-3 weeks. Until yesterday, I had no idea how it was getting on their pcs (partly because my customers had no idea, and of course never admit to web sites they visit). Here is a link talking about it some more: Microsoft scrambles to fix 'severe' security flaw
|
Top
|
|
|
|
#154305 - 2005-12-30 10:08 PM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
|
Symantec detects this exploit as: Bloodhound.Exploit.56 The Bloodhound.Exploit.56 detection was updated as of the December 30th, 2005 LiveUpdate definitions. http://www.sarc.com/avcenter/venc/data/bloodhound.exploit.56.html
|
Top
|
|
|
|
#154307 - 2005-12-31 12:10 AM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4549
Loc: USA
|
ah... go wild, not in the wild...
Still... I'm surprised they consider this a low threat. From what I've seen it installs a program in the task bar saying your computer is "Infected with Spyware"... and then they try to extort $40 bucks for a piece of crap software that removes imaginary spyware. It also seems to install a few BHOs too.
|
Top
|
|
|
|
#154311 - 2006-01-03 01:14 AM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
|
|
Top
|
|
|
|
#154314 - 2006-01-03 09:46 AM
Re: WMF vulnerability - debating on whether to roll out work around with ki
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
|
ROFL - No, just a joke Jooel.
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 628 anonymous users online.
|
|
|