I am no computer geek by any stretch of the imagination, but this is something that we ALL need to do for our computers to keep them as safe as possible until Microsoft releases a security patch. I'm going to try and keep this as short as possible, to help avoid confusion. Do check the links I've provided to satisfy yourself.
This vunerability is specifically related to WMF images files, but is not limited to those image files only. I won't go into all of the details. Reading all the links I've provided should help you understand more.
I first heard about this vunerability on the MSNBC website (12/30/05) and thought, "OK, MS will issue an update soon...." Yeah.RIGHT! {/snark}
Microsoft scrambles to fix 'severe' security flawThen last night a diary at
Daily Kos was posted and has grown to over 270 comments, and I decided to act. Feel free to wade through it, but if you don't want to take the time right now, and just want the temporary fixes (until MS gets their act together) this is what you'll need to do:
1) You'll need to un-register a .dll file, then
2) Install a small patch provided by
Ilfak Guilfanov (This patch will later be removed through your Windows Add/Remove Programs when MS issues their patch, and you'll more than likely need to register the dll again)
There are a few sites you can check for the seriousness of this MS flaw:
http://www.f-secure.com/weblog/http://www.grc.com/sn/notes-020.htmhttp://www.hexblog.com/2005/12/wmf_vuln.htmlAfter pretty much reading everything, this is what I did for my computer (and my son's):
Click Start, then Run. In the dialog box type:
regsvr32 -u %windir%\system32\shimgvw.dll Click OK
NEXT:
Download and install this 284kb patch from Ilfak Guilfanov (Direct Executable file):
http://www.hexblog.com/security/files/wmffix_hexblog13.exe
You can also download it directly from Ilfak's web blog:
http://www.hexblog.com/security/files/wmffix_hexblog13.exe
He also has a WMF vunerability checker that you can use either before or after you've made your fixes:
http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html
Bookmark any of these sites to keep abreast of on-going news.
Lastly, if you don't want to do anything now, at least stay away from unknown websites, no IM'ing or Windows Messaging with images (I don't use either), and for God's sake don't open or view unknown email with images in them.
Also, could you keep this kicked for awhile, so everyone gets a chance to see it? Posts drop so quickly in this forum. *sigh*