Just received this e-mail from a colleague, who received it from a reliable source within MS.
I cannot vouch for that source since I don't know him, but I believe it to be legit:
-----------------------
A new vulnerability has surfaced for which, at this moment in time, there is no fix. It relates to how Windows renders WMF (Windows Meta Files) and it is a new threat in that for the first time you don't have to click anything to be hit: simply viewing an image that takes advantage of the vulnerability can execute commands on your PC, such as installing spyware/virus code.
The vulnerability is in a core Windows rendering component, shimgvw.dll which is called to render WMF images from any application so you can be hit whether viewing a web page, previewing an email etc.
More information can be found at
- http://www.microsoft.com/technet/security/advisory/912840.mspx
- http://www.kb.cert.org/vuls/id/181038
At this time the only workaround is to disable the problem component:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps.
Replace the text in Step 1 with "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks).
Just blocking WMF files will not work as the other image types could also be used.
I will keep you informed of any updates, but for now you should visit only "trusted" web sites as the number of sites now using this vulnerability is growing. Also, since we use Outlook 2003 it does not download images automatically, so for now ensure "do not download" is configured (Tools – Options – Security – Change Automatic Download Settings…)
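For anyone who has to apply the un-register workaround above to more than one machine and later undo it once a patch ships, here is an added PowerShell script; it is not part of the forwarded e-mail. It assumes regsvr32.exe's /u (unregister) and /s (silent, no confirmation dialog) switches and a zero exit code on success, which is why it checks the exit code instead of waiting for the dialog the steps describe.

```powershell
# Added example, not from the original e-mail: scripted apply/rollback of the
# Microsoft Advisory 912840 workaround (un-register shimgvw.dll).
# Assumes: regsvr32.exe /u = unregister, /s = silent, exit code 0 = success.
param(
    [ValidateSet('Disable', 'Enable')]
    [string]$Action = 'Disable'   # Disable = workaround, Enable = undo it
)

$dll = Join-Path $env:windir 'system32\shimgvw.dll'

if (-not (Test-Path $dll)) {
    Write-Error "shimgvw.dll not found at $dll; nothing to do."
    exit 1
}

# /s suppresses the confirmation dialog, so the exit code is our only signal.
$switches = if ($Action -eq 'Disable') { @('/s', '/u', $dll) } else { @('/s', $dll) }

$proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $switches `
                      -Wait -PassThru -NoNewWindow

if ($proc.ExitCode -ne 0) {
    Write-Error "regsvr32 $($switches -join ' ') failed with exit code $($proc.ExitCode)"
    exit $proc.ExitCode
}

if ($Action -eq 'Disable') {
    Write-Output 'shimgvw.dll un-registered: Windows Picture and Fax Viewer is disabled.'
} else {
    Write-Output 'shimgvw.dll re-registered: Windows Picture and Fax Viewer is back.'
}
```

Run it from an elevated prompt; the e-mail's own caveat still applies, since un-registering the viewer only removes one rendering path and is not a fix.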