Thread: New virus threat for MS systems
View Single Post
  #4   Report Post  
Posted to alt.machines.cnc,comp.cad.solidworks,misc.survivalism,rec.crafts.metalworking
 
Posts: n/a
Default New virus threat for MS systems

Cliff wrote:
http://www.washingtonpost.com/wp-dyn...122901456.html

[
Windows Security Flaw Is 'Severe'
PCs Vulnerable to Spyware, Viruses

By Brian Krebs
Special to The Washington Post
Friday, December 30, 2005; Page D01
snip
Cliff
----------------------------
Stee Gibson at GRC.com has a simple interium "fix" to give some
protection
unitl MS etc figure out a better solution.

Terry

-------------------------
http://www.grc.com/sn/notes-020.htm
--------------------------

A serious new remotely exploitable vulnerability has been discovered in
Microsoft Windows' image processing code.

UNTIL THIS IS REPAIRED BY MICROSOFT, ANY ATTEMPT
TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD
INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

This is a so-called "0-day vulnerability" because exploits for the
vulnerability appeared before any updates or patches were available.

All versions of Windows from Windows 98 through ME, NT, 2000, XP, and
2003 are
known to be vulnerable, and a large and rapidly growing number of
malicious exploits
(57 at last count) are already circulating in the wild. They are being
actively used to
install malware and Trojans into user's machines. Viruses and worms are
expected to appear shortly.

Although NOT a complete solution, Microsoft has recommended
temporarily disabling the automatic display of some images by the
operating system and web browser. This can be done, as detailed below,
by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A
COMPLETE SOLUTION, but it significantly lowers the risk from this
vulnerability from web surfing.

snip

To immediately disable the vulnerable Windows component:

Logon as a user with full administrative rights.

Click the Windows "Start" button and select "Run..."

Enter the following string into the "Open" field:

regsvr32 -u shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)

Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your
system is now safe.
No need to reboot, but you might want to just to be sure that any
possible currently
loaded instance is flushed out.
------------------------------------------


To eventually re-enable the "SHIMGVW.DLL" component:

Logon as a user with full administrative rights.

Click the Windows "Start" button and select "Run..."

Enter the following string into the "Open" field:

regsvr32 shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)
Same as the one above, but no "-u" for "uninstall".

Click "OK" to re-register the (hopefully) non-vulnerable DLL.

Reply With QuoteReply With Quote