IMPORTANT: WMF Vulnerability Exploited

I can't view pictures as thumbnails on my computer after unregistering the dll. Is it supposed to be like that? :suprised:

Edit: Can't open pictures either.
 
Last edited:
did you use the temp hotfix patch by Ilfak Guilfanov that was approved by SANS?..I dont seem to have a problem....
Ilfak's patch completely eliminates the vulnerability, until MS releases the offical patch
http://www.grc.com/sn/notes-020.htm
 
Yup, that's the one I used. But I think it happened after I unregistered the dll.
 
~bk said:
I can't view pictures as thumbnails on my computer after unregistering the dll. Is it supposed to be like that? :suprised:

Edit: Can't open pictures either.
Click to expand...


unregistering is taking away any and all image manipulation stuff that windows needs with regards to images outside of what it needs to render to show you a desktop. You want the following:


http://www.hexblog.com/2005/12/wmf_vuln.html

Check the other page for a way to re-register it, I don't remember of the top of my head.
 
to re-register simply remove the /u so:

regsvr32 shimgvw.dll

will re-register it.
 
Risk is still low because there has not been much spread yet, wait until everyone gets back to work Tuesday.

Re-registering the shimgvw.dll is easy. I did it by mistake. All I did was select a program to display .jpg in Explorer-Tools-Folder Options-File Types and it re-registered the DLL.
 
Last edited:
Mastershakes said:
Fastest in the business.
Click to expand...

lol, they are targeting their patch for January 10th, only two weeks after its widespread exploitation.
 
Nope, not kidding. Those operating systems you speak of are on fewer than 5% of all computers and are not attacked as a result (no fun, no cash to be made).

On average MS patches flaws faster than anybody in the business, considering the numbers that are exposed thanks to legions of people attempting to crack in, to cash in. MS's latest server releases patch quicker than the competition, and have been judged to be more secure.

Keep living the dream.

As an expiriment I'm not patching any of my home PCs. I doubt I'll get nailed.
Keep posting j79zlr, my colleagues and I are enjoying a good chuckle.

They thought the funniest was when you were saying FF couldn't be touched.

;)
 
All B.S. aside, the facts are that Microsoft has 90% of the market share in regards to computer Operating Systems, period. This is not just a Windows XP thing, this is a Windows thing. This effects Windows systems that have come out since 1991.

Let's think about that for a second...if they release a patch right away, that fixes the issue, and say, breaks something else, that would almost be a bigger problem. There is a "Microsoft approved" workaround for the mean time, and they have acknowledged the flaw. They are internally testing the patch to avoid future issues, which is BEST PRACTICE. In regards to security response, while it may help you sleep at night, you simply CAN'T compare Windows to any other Operating System, because the market share isn't quite the same. Regardless of which one you like, use, or think is better, you simply can't compare. You are also missing the point that Microsoft doesn't just release patches in English, rather in 23 languages. That is more of an achievement in itself than you would think.

Read this, taken from the MS Security Advisory directly:
Why is it taking Microsoft so long to issue a security update?
Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update. When a potential vulnerability is reported, designated product specific security experts investigate the scope and impact of a threat on the affected product. Once the MSRC knows the extent and the severity of the vulnerability, they work to develop an update for every supported version affected. Once the update is built, it must be tested with the different operating systems and applications it affects, then localized for many markets and languages across the globe.
Click to expand...

It takes time, if you don't like it, don't use Windows. If you don't use Windows, don't bi**h about it. The problem has been identified, they have taken it on the chin as one of the biggest security flaws ever known, and it will be fixed. Although it's possible, as of yet there have not been any CONFIRMED reports of major problems, only speculation.

Wow, testing a security patch to make sure it doesn't cause problems with other components of the Operating System and development going forward....what are they thinking?
 
Last edited:
Well said KC.

I'm hoping I don't get touched til the patch comes out. Home PCs have 7 days plus to stand up to the net.
 
Yeah, good post indeed chief ;)

Mastershakes: Why play with fire? :p
 
Grandmaster said:
Yeah, good post indeed chief ;)

Mastershakes: Why play with fire? :p
Click to expand...

I find it interesting I guess. It's how I learned how to fix alot of them. Track the changes it makes, reverse engineering basically. I obviously would like to patch it eventually...

I also do it so I can see who, in my household has bad browsing habits. :) Then I tighten the security zones for them if needed.
 
j79zlr said:
I really hope you are kidding, if not, provide me one link to a Linux or BSD vulnerability, this is critical, that has taken longer a day or so to patch.
Click to expand...

While you aren't doing anything at work, why not find me a link since you think this is laughable? I can't believe that you all think that this is Ok somehow? Why wouldn't M$ at least roll out a simple patch that unregisters the dll until the official patch? Make too much sense, or maybe they just don't give a ****. Sure I can unregister/reregister the dll, but Joe Schmo isn't going to have a clue on how to do that.

On average MS patches flaws faster than anybody in the business, considering the numbers that are exposed thanks to legions of people attempting to crack in, to cash in. MS's latest server releases patch quicker than the competition, and have been judged to be more secure.
Click to expand...

Now THAT is laughable, based on what information, Microsoft's? I mean seriously, there are XP exploits that are YEAR's OLD, that will never get patched. That is nothing but pure fanboy talk.
 
j79zlr said:
While you aren't doing anything at work, why not find me a link since you think this is laughable? I can't believe that you all think that this is Ok somehow? Why wouldn't M$ at least roll out a simple patch that unregisters the dll until the official patch? Make too much sense, or maybe they just don't give a ****. Sure I can unregister/reregister the dll, but Joe Schmo isn't going to have a clue on how to do that.
Click to expand...
Quite simply, even if they did roll out a patch to fix the issue temporarily, it would still have to go through extensive testing. If this was to be done, it would waste time and take away from the final and more permanent fix. I hate to beat a dead horse, but it goes back to market share yet again. They simply can't just release a patch without thorough testing, because of the possible consequences. They have provided an approved workaround, and they have announced when a permanent fix will be made available. If, for some reason, they miss the deadline of patch Tuesday, then we can be concerned.

Also worth pointing out, Microsoft does NOT support 3rd party patches, which are just to "fix" the problem until Microsoft does. Download those at your own risk, and they all say to remove after Microsoft releases an official patch.
 
Last edited:
Okay, calm down. Don't make me get my edit powers out of the drawer.

Stay on topic. Thank you.
 
You must log in or register to reply here.

Members online

No members online now.
Total: 302 (members: 0, guests: 302)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back