One of the techs at my work sent out this email today to all of our support contract customers and CC'd everyone within our office too about a nasty virus warning with Windows and there isn't a fix yet. So I thought I would share this with everyone here.
Dear Customer,
In late December, a vulnerability was found in the Windows Graphic Rendering Engine which affects all Microsoft Windows operating systems, from Windows 98 through ME, NT, 2000, XP, and 2003. This vulnerability has the serious potential for running malicious programs on PCs and servers by simply viewing a picture through a web page, e-mail or instant messenger. Currently there is an MSN worm and "Happy New Year" e-mail exploiting this vulnerability and there are sure to be many more to follow.
Microsoft is aware of the issue and is rushing to deliver a patch as quickly as possible; unfortunately, this patch will not be available until January 10th, which leaves a window of opportunity for this vulnerability to be exploited. Because this exploit is easily executed and because of the extremely high risk this vulnerability presents, we urge our customers to take one of the following actions:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Microsoft's recently released an article relating to this vulnerability in which they suggest unregistering the DLL responsible for viewing WMF files within Windows:
http://www.microsoft.com/technet/sec...ry/912840.mspx
The steps to unregister this DLL are as follows:
To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
After a security update has been released and deployed, you can undo this change and re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks).
NOTE THIS DOESN'T WORK FOR WINDOWS 98/NT/2000
Apply a temporary fix to Windows
GRC.com has a comprehensive page outlining this vulnerability as well as an unofficial patch for Windows 2000, XP, 64-bit XP and 2003 server:
Website: http://grc.com/sn/notes-020.htm
Temporary patch: http://www.grc.com/miscfiles/wmffix_hexblog14.exe
Vulnerability checker: http://www.grc.com/miscfiles/wmf_checker_hexblog.exe
We have tested this temporary patch and it appears to resolve the vulnerability until Microsoft releases theirs next Tuesday. If you decide to deploy this temporary patch, you should REMOVE THIS PATCH to restore full functionality to Windows Metafile processing once Windows has been officially updated and repaired.
To Remove: Simply open the Windows Control Panel "Add/Remove Programs", where you will find the "Windows WMF Metafile Vulnerability HotFix" listed. Remove it, then reboot.
Again, we urge you to take one of these actions until an official update is released by Microsoft. We will be contacting you shortly to see if you would like Zumasys to apply one of these "fixes" to your servers and/or PCs.
Kenneth McGarrity
Helpdesk Technician
So there you go!
HBjet