12 Comments
- Live4Soccer, on 10/12/2007, -0/+0
Thanks mschapv2.
One should also note that ALL WINDOWS MACHINES including 95, 98, ME, 2000 are vulnerable and should run the workaround. It's not just XP.
Ahhh, the fun of running the Windows OS...
- mschapv2, on 10/12/2007, -0/+0
Suggested Actions
Workarounds
Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it will help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Note The following steps require Administrative privileges.
To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
- Live4Soccer, on 10/12/2007, -0/+0
"From Steve Gibson? That's the same "Patch" that Microsoft published on their page.
You have to love the grc attention whore"
It's not a "Patch" it's a workaround and how far into the Microsoft Website do you have to dig to find it? I just checked the front page of Microsoft, and the Official Windows and XP sites and FUNNY THING, they don't mention the vulnerability or workaround ANYWHERE. Imagine that. It's not like Microsoft to downplay flaws in their OS...so VERY strange.
WTF is the big deal trying to get the word out about the workaround? Most people on Digg know about Gibson and they trust the guy. So if it gets some people to run the workaround who otherwise wouldn't, then all the better.
Relax a little. Enjoy life.
- cecil_t, on 10/12/2007, -0/+0
"That's the same "Patch" that Microsoft published on their page."
Microsoft makes no mention of that workaround at all.
http://www.microsoft.com/technet/security/advisory/912840.mspx
- YVRSteve, on 10/12/2007, -0/+0
There is a short Security Now Audio update
A special (short) edition of "Security Now!" — On Sunday, January 1st, I phoned into Leo Laporte's KFI "Tech Guy" radio program to inform him and his radio audience of the availability of Ilfak's new patch and real solution. Leo produced a special edition of our weekly "Security Now!" audio podcast. Since this was by telephone the audio quality is not great, but the high-quality and lower-quality MP3 audio files are available here:
Higher-quality (larger) KFI Radio program update (64 kbps, MP3, 5.4 MB)
Lower-quality (smaller) KFI Radio program update.
On the website.
- gamingdude, on 10/12/2007, -0/+0
This workaround needs to get to a lot more people because there are a lot of sites and emails now using this exploit.
- gbitten, on 10/12/2007, -0/+0
(Sorry, correcting the links)
Some points:
1) This patch was produced by Ilfak Guilfanov, not by Steve Gibson (see http://www.hexblog.com/2005/12/wmf_vuln.html ).
2) This is an UNofficial patch.
3) Microsoft didn't release any patch, only a workaround, BUT ITS WORKAROUND DOESN'T RESOLVE THE VULNERABILITY COMPLETELY (see http://isc.sans.org/diary.php?storyid=982 )
4) This vulnerability is very critical, there are at least 2 exploits in the wild, the Microsoft workaround is a weak protection. Ilfak Guilfanov's patch should be spread.
ISC Sans have a nice overview about this (http://isc.sans.org/diary.php?storyid=993 ).
- jtibble, on 10/12/2007, -0/+0
Hey they've got a new patch from Ilfak Guilfanov.... it fixes all versions except for '98.
DIGG THIS TO SPREAD AWARENESS
- gbitten, on 10/12/2007, -0/+0
Some points:
1) This patch was produced by Ilfak Guilfanov, not by Steve Gibson (see http://www.hexblog.com/2005/12/wmf_vuln.html).
2) This is an UNofficial patch.
3) Microsoft didn't release any patch, only a workaround, BUT ITS WORKAROUND DOESN'T RESOLVE THE VULNERABILITY COMPLETELY (see http://isc.sans.org/diary.php?storyid=982)
4) This vulnerability is very critical, there are at least 2 exploits in the wild, the Microsoft workaround is a weak protection. Ilfak Guilfanov's patch should be spread.
ISC Sans have a nice overview about this (http://isc.sans.org/diary.php?storyid=993).
- jtibble, on 10/12/2007, -0/+0
all that workaround does is it turns off windows picture viewer and such from opening the file... it's not really a true "fix" like Guilfanov's... get the patch!!!
- blowdart, on 10/12/2007, -2/+0
From Steve Gibson? That's the same "Patch" that Microsoft published on their page.
You have to love the grc attention whore
- spamdies, on 10/12/2007, -2/+0
meh

