Warning: new security flaw in Windows
Saying there’s a security flaw in Windows makes a tech’s eyes roll. Anyone who’s run Windows Update periodically know that there are flaws that crop up. However, recently, a new flaw was discovered that has yet to be fixed — a fully patched Windows XP machine with updated Norton Antivirus was able to be breached…by visiting a web page.
The problem has to do with the way Windows handles Windows Meta Files, which are meant to be image files. That’s right, not executables, not unsafe ActiveX controls, just image files. Well, wmf files are a little more than images; they have some scripting capability built into them, and that’s part of the problem.
The problem is, all you need to do is download the file. So, visit a malicious web page in Internet Explorer, and that’s it. In Firefox, you may get a warning about downloading a wmf file; if you do, that’s it. It’s that easy right now to get your PC hacked.
The quick workaround is to Go to Start->Run, and run the following:
regsvr32 /u shimgvw.dll
This will break some image thumbnail support. However, it’s better than running around with the threat of getting hacked. After Microsoft releases a patch, you should run:
regsvr32 shimgvw.dll
This is a quick workaround to running a little safer, but will break some things. (Not that many of you would notice.) Microsoft, release a patch already!
Reference:
Washington Post: Exploit Released for Unpatched Windows Flaw
