Wmf Patch Temporary Fix



Hey everyone,

I was reading a few days ago, and stumbled upon this:

http://www.hexblog.com/2005/12/wmf_vuln.html#more

This is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary!

When Microsoft issues a patch, please use that one!

Here are the technical details:

This is a DLL which gets injected to all processes loading user32.dll.

It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.

I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.

If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.

Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful :thumbsup:

I believe that all of the sites that have HOSTS files are updating them so that the wmf exploit gets blocked.

Danny :thumbsup:

Edited by Danny

Pete_C posted this at G$.

Lots of bad advice for critical WMF vulnerability!

As they say, most of these recommended fixes are worthless, giving a false sense of security.

The best thing to do is turn on hardware DEP if your motherboard supports it and unregister the dll by going to Start / Run and typing:

regsvr32 /u shimgvw.dll

This disables the dll file being exploited so that it cannot happen. Then once Microsoft releases the patch (new version of the dll) you just go and type

regsvr32 /i shimgvw.dll

To install and activate it.

Edited by TheTerrorist_75