Fri, Dec 30 2005 22:17
bradley
Just a heads up: the Security Advisory was updated.
*I have DEP enabled on my system, does this help mitigate the vulnerability?*
Software based DEP does not mitigate the vulnerability. However, Hardware based DEP may work when enabled: please consult with your hardware manufacturer for more information on how to enable this and whether it can provide mitigation.
http://www.microsoft.com/technet/security/advisory/912840.mspx
....so what am I going to do? Nothin' for now because the office is closed and the machines are off so they are as protected as they can be..... ask me next Tuesday and I'll let you know what my risk tolerance is then.... for now... I'm sitting tight....
------------
Shavlik Provides Workaround For Zero-Day WMF Exploit
On December 28th, Microsoft announced a Security Advisory (912840) for a zero-day exploit that could allow an attacker to execute arbitrary code on a user’s system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Malicious code on a number of web sites exploited the vulnerability on users’ machines. Microsoft has not issued a patch for this security exploit at this time. Users running a fully patched version of Microsoft Windows are still vulnerable to attack.
For administrators that cannot wait for Microsoft to issue a patch to protect against this vulnerability and need an immediate workaround, Shavlik Technologies has released updated XML files for Shavlik NetChk Protect, its patch and spyware management solution, to help users protect against this attack. Shavlik NetChk Protect allows users to un-register the SHIMGVW.DLL files that enable the malicious code to attack systems on Windows XP and Windows 2003. This is a workaround recommended by the United States Computer Emergency Readiness Team (CERT) as an option for vulnerability protection. Shavlik Technologies cannot validate this as a proper fix. To read more about this vulnerability, visit the CERT web site at _http://www.kb.cert.org/vuls/id/181038_.
Shavlik Technologies recommends that administrators determine their security needs and implement this workaround only if it offers an acceptable solution to their individual security needs and all risks are understood. By offering this workaround, Shavlik Technologies puts the option for protection in the hands of the administrator. Users should be aware that by un-registering the .dll file, other applications that use this .dll file can break, but this is the only workaround available at this time, as quoted from the advisory.
For Shavlik HFNetChkPro™ users, Shavlik Technologies has developed a workaround to help administrators address this vulnerability. For more information visit Shavlik’s Support Forum at _http://forum.shavlik.com/viewtopic.php?t=2731_
The Microsoft Security Advisory affects the following operating systems:
- Windows 2000 SP 4
- Windows XP
- Windows Server 2003
More information on the Microsoft Security Advisory can be found on Microsoft’s Web site at: _http://www.microsoft.com/technet/security/advisory/912840.mspx_.
Users are affected by either navigating to web sites that contain a link to a Windows Metafile that exploits this security vulnerability, or opening an email attachment that exploits this security vulnerability.
When Microsoft releases a patch to protect against this vulnerability, Shavlik NetChk Protect will include this patch and will allow users to re-register the .dll file, returning the system to its previous state.
For further information about this zero-day exploit, visit Shavlik’s Security Center at _www.shavlik.com_.