Windows Users, Critical Security Alert!!!
  #1 (permalink)  
12-31-2005, 12:35 AM, scorpion (Administrator)
 

A serious new remotely exploitable vulnerability has been discovered in Microsoft Windows' image processing code.

UNTIL THIS IS REPAIRED BY MICROSOFT, ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

All versions of Windows from Windows 98 through ME, NT, 2000, XP, and 2003 are known to be vulnerable, and a large and rapidly growing number of malicious exploits (57 at last count) are already circulating in the wild. They are being actively used to install malware and Trojans into users' machines. Viruses and worms are expected to appear shortly.

Proof of Concept:
Open http://www.fxfisherman.com/downloads/anything.wmf and see for yourself. A calculator program opens and then your computer crashes. Note: Save all files before proceeding with this experiment. I will not be responsible for any damages.

Workaround
Log on as a user with full administrative rights.

Click the Windows "Start" button and select "Run..."

Enter the following string into the "Open" field:

regsvr32 -u shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)

Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.


To eventually re-enable the "SHIMGVW.DLL" component:

Log on as a user with full administrative rights.

Click the Windows "Start" button and select "Run..."

Enter the following string into the "Open" field:

regsvr32 shimgvw.dll



Additional reading and information:
http://www.f-secure.com/weblog/archi....html#00000754
http://secunia.com/advisories/18255/
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
http://www.securityfocus.com/bid/16074/info
http://sunbeltblog.blogspot.com/2005...y-patched.html
http://redxii.blogspot.com/2005/12/v...rendering.html
http://www.microsoft.com/technet/sec...ry/912840.mspx
  #2 (permalink)  
01-06-2006, 11:28 PM, scorpion (Administrator)
 

Microsoft released a fix yesterday, so make sure you don't miss it by enabling auto Windows Update.
  #3 (permalink)  
01-07-2006, 11:28 PM, gazuz (Senior Trader and Moderat)
 

Updated all the computers I have here, thanks for the warning scorpion... This is huge. I actually didn't think the new fix that I updated did anything, and then I read this and updated all the other computers.

Forgot to mention: what do you think caused this?
  #4 (permalink)  
01-07-2006, 11:59 PM, scorpion (Administrator)
 

Yes this is huge.

A researcher found the file shimgvw.dll is vulnerable, so he released a security advisory along with a 0-day exploit in his blog on Christmas day, knowing Microsoft's security experts are on holiday, with no one to fix it ASAP.

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. (check out http://www.fxfisherman.com/downloads/anything.wmf)

The issue may be exploited remotely or by a local attacker. Any remote code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.
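The post above says the flaw is hit when the engine parses a malicious WMF file, but the thread does not name the record involved. The following is an added example, not part of the thread: a content scanner that walks a file's WMF records and flags an Escape record carrying the SETABORTPROC function, the construct publicly documented as the trigger for this flaw. The function names and the sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header before the real one
META_EOF, META_SETMAPMODE, META_ESCAPE = 0x0000, 0x0103, 0x0626  # record functions
SETABORTPROC = 0x0009  # escape function number carried inside a META_ESCAPE record

def scan_wmf(data: bytes) -> list:
    """Walk the records of a WMF byte string; return findings (empty = nothing flagged)."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return ["truncated header"]
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        return ["not a WMF header"]
    off += 18  # standard header is 9 words
    findings = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        rec_len = size_words * 2  # record size is stored in 16-bit words
        if size_words < 3 or off + rec_len > len(data):
            findings.append(f"malformed record at offset {off}")
            break
        if func == META_EOF:
            break
        if func == META_ESCAPE and rec_len >= 8:
            (escape_fn,) = struct.unpack_from("<H", data, off + 6)
            if escape_fn == SETABORTPROC:
                findings.append(f"META_ESCAPE/SETABORTPROC at offset {off}")
        off += rec_len
    return findings

def _record(func: int, params: bytes = b"") -> bytes:
    # Record layout: size in words (4 bytes), function (2 bytes), parameters
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_sample(with_escape: bool) -> bytes:
    """Constructed test input: a tiny metafile, optionally with an empty escape record."""
    recs = [_record(META_SETMAPMODE, struct.pack("<H", 8))]
    if with_escape:
        recs.append(_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)))
    recs.append(_record(META_EOF))
    body = b"".join(recs)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0,
                         max(len(r) for r in recs) // 2, 0)
    return header + body

if __name__ == "__main__":
    print(scan_wmf(build_sample(True)), scan_wmf(build_sample(False)))
```

The scanner looks at file content only, so it can be run over mail attachments or a download cache whatever the file is named.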
All times are GMT. The time now is 09:20 AM.