Current recommendations for Malicious WMF Exploits in-the-wild

   Microsoft has issued Security Advisory 912840 for a critical vulnerability in the Windows graphics rendering engine. As noted in the bulletin they have the highest priority in testing out and providing solutions for the WMF exploits that are currently circulating in-the-wild. 

So far, most WMF attacks come from visiting unsafe websites, so follow best practices and "think before you click" in web surfing and never click on links in email or Instant Messenging.

Current recommendations for Malicious WMF Exploits in-the-wild

1. Keep your Anti-Virus and Anti-Spyware software as up-to-date as possible.  For example, McAfee users should install DAT 4661 or higher immediately
2. Stay away from all questionable websites.  Do not open WMF files or links in any environment (e.g., IM, email, web surfing, explorer, etc.).
3. Filter and block WMF files in email or content filtering systems in the corporate environment.
4. Don't rely just on the WMF extension.  Windows metadata processing can process a disguised and renamed extension.  For example, the extension for a corrupted WMF file might renamed to GIF and when Windows opens it, it may recognize that it was a WMF file originally and an infection could result.
5. As an extra safety precaution, you can turn off the vulnerable DLL.   The Full Disclosure workaround has downloadable *.REG file that allows toggling shimgvw.dll on and off.  Another option might be to turn off the shimgvw.dll service completely.  Turning services completely off will result in a minor loss of functionality for thumbnail previews in Explorer and the Windows Fax & Picture viewer can be affected.  Still it's easy to restore this service later after better protective solutions emerge, as noted in the Full Disclosure link.

Please click on this link for more information:

Malicious Zero Day Windows Media File Exploits are in-the-wild