The Windows Meta File bug

Home
ABC
Tips & Hints
Archive
Links
Search
Services
Contact

http://www.commissionmonster.com.au

As a new year's present, Windows users are confronted with a major security problem.

3 January 2006

Update: Microsoft have released a patch to fix this problem. All Windows users should visit the Windows Update site to install it.

Windows Meta File bug is extremely serious. Images using the WMF format can install rogue software. The risks are real, spyware writers are already using this exploit to infect users and we can expect many more viruses and spyware programs using this in the next few days. Keeping your Anti-virus and spyware programs up-to-date will help, but we are worried about the vendors keeping up with the bad guys.

This problem affects the graphics system in Windows, so the usual advice of using Firefox or Opera will not necessarily help. In fact, programs like Google Desktop might increase the risk of being infected.

Microsoft suggest unregistering the Picture and Fax viewer. This stops that program running and will stop the automatic display of pictures and faxes in Windows XP, 2000, ME and 98. However it won't completely protect users as other graphics programs, such as the MS Paint program built into Windows, are affected by this as well.

Our recommendations are as follows:

1. Carry out Microsoft's recommendation by clicking Start, Run and typing (without the quotation marks) "regsvr32 -u %windir%\system32\shimgvw.dll" this may affect the display of digital camera and other images.

2. You should run your computer as a Standard User, rather than as an Administrator, the downside with this is some programs, particularly games, will not run. To do this, open Control Panel, go to User Accounts, create a new user account and give it Administrator permissions, change all the existing users to "Restricted Users."

3. Avoid surfing to music sharing, game cheat and pornographic web sites.

4. Turn off auto preview features in email programs.

5. Do not open image files sent to you through email or instant messenging programs.

6. Follow the instructions in our Windows Protection Kit. But note that while virus and spyware checkers will reduce risks, it will not fix the underlying problem. Do not rely on security programs to protect against the fast changing exploits we will see in the next few weeks.

7. A third party patch is available from the Internet Storm Centre. While we have installed this on our systems, we are reluctant to recommend it at present as it has not been fully tested. Install at your own risk.

Microsoft are due an update to Windows next week, and it's fairly safe to say this problem should be fixed by then. We will keep you posted on this.

info@pcrescue.com.au
PC Rescue Pty Ltd, Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 36 082 635 765
ŠTechnology Publishing Australia, 2008