Exploited Windows Vulnerability

Here is a summary of what to do RIGHT NOW:

  • To immediately disable the vulnerable Windows component:
  • Logon as a user with full administrative rights.
  • Click the Windows “Start” button and select “Run…”
  • Enter the following string into the “Open” field:
    regsvr32 -u %windir%\system32\shimgvw.dll
  • Click “OK” to unregister the vulnerable DLL.

For a more complete description and assistance go to infosecpodcast.com

No Comments

  1. tangerine says:

    Performed request because I trust you.
    I got:
    “DllUnregisterServerinC:\Windows\system32\shimgvw.dll
    succeeded.

    Woo!

    What did I just do?

    Thanks Mike!

  2. Steve M. says:

    What you did is disable Window’s ability to indisciminately open picture files, which is how the new exploit spreads. You have just made your computer safe until MS patches the vulnerability.

  3. Tangerine says:

    Oh.
    So that explains why my Windows Picture and Fax Viewer no longer works. As I realized about 30 minutes ago.

    It’s great to have security, but I use the viewer. So next question:

    How can I use it for my own selfish and personal needs?

    Right now I am using paintdotnet.

    Thank you Steve for answering, because I had forgotten I listed to Mike last night.

    LOL

  4. Mike says:

    That’s a good question, because I have the same problem. I will look into a temp fix until Microsoft updates the DLL.

  5. tangerine says:

    Thanks Mike.

    It is a frustration, but glad I am not the only one!

    Let me know how to go around it.

  6. You can find all the details on unregistering the DLL and the unofficial temp patch over at the Internet Storm Center at http://www.incidents.org