Windows Patches WMF Vulnerability
Earlier this week in the Security Article of the Week I described the huge vulnerability concerning Windows Graphics Rendering Engine. To be more specific, I talked about the way in which Windows processes WMF files. This flaw is extremely dangerous being given a “critical warning level” by many of the world’s top security experts including Microsoft. In this article, I offered what help I could until Microsoft comes out with an official patch, which in first reports would be in the shape of an unscheduled update taking place on January 10th.
With Microsoft surpassing my expectations, they have apparently created a patch that, according to critics, effectively fixes this huge security hole. If you have Windows 2000 or XP (Home or Pro) and you have your system to automatically update, then you may already have the patch installed. If you’re a manual updater like myself, then waste no time. Go out and patch your system, don’t put it off. You can always perform a manual update going to Start>All Programs>Windows Update (must be online to update) and follow the directions on the site to update. Keep doing this until there is nothing from the “High-Priority Updates” left to install.
If you were one of the WorldStart readers that took my advice and installed the unofficial update along with the command line procedure to unregister the shimgvw.dll, then follow the procedure below:
1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
4. Uninstall the unofficial patch, by using one of these methods:
a. Add/Remove Programs. Look for “Windows WMF Metafile
b. or at a command prompt:
“C:\\Program Files\\WindowsMetafileFix\\unins000.exe” /SILENT
5. Re-register the .dll if you previously unregistered it (use the same command but without the “-u”):
6. Reboot one more time. It’s not necessary, but it may help things run a little smoother.
~ Chad S
Note: You can read Microsoft’s update notes at this link.