Saturday, December 31, 2005

Windows At Risk--Again

This is NOT an "Explorer" problem--it's embedded in Windows, so using Firefox will not prevent the difficulty.

MS 'is scrambling.'

My Norton went ballistic yesterday and pointed to an item ("Bloodhound") in "Temporary Download." That particular file on my box is rather large, drat it all....

So keep your Norton up to date. There may be a lot more of this stuff going around in the next few days before MS comes up with a patch. One hopes that the BigBoys in MS security are not off on holiday breaks...

3 comments:

steveegg said...

Ouch. Send that file to Symantec ASAP; they're still calling for any files infected with Bloodhound. Fortunately, I haven't seen this exploit yet (McAfee simply calls it exploit-wmf and their Wednesday DAT does detect it).

There is a temporary workaround for this from Microsoft - disable Windows Picture and Fax Viewer (the problem program) by typing regsvr32 -u %windir%\system32\shimgvw.dll. If/when Macroshaft does fix it, you can restore its functionality by typing regsvr32 %windir%\system32\shimgvw.dll.

Microsoft warns that this does not correct the underlying vulnerability, and it isn't very friendly about allowing you to open a picture file with something else just by double-clicking it (I've been busy changing the various picture files to open with QuickTime PictureViewer).

Dad29 said...

Thanks.

Applied the MS temp fix.

File's gone. Didn't really have the time yesterday to go through the 'search' tool and that damn Norton doesn't allow 'copy/paste' of filenames when they're ID'd--thus, easier to simply delete the whole damn 'temp download' file, although I've had to re-do name/pwd for a few sites.

We'll see if MS coughs up a fix.

steveegg said...

As far as the reporting went, it was irresponsible for the discoverer of the problem to post how to exploit it. Back when buffer overflow problems were discovered in both Norton and McAfee, the folks that discovered the problems gave the companies time (almost a month, if memory serves) to correct the problems before making them public.