Quoted from Zen:
Recently an exploit was found out in the wild by a research on the
It is recommended users take the following actions as a preventive measure until further information and a patch are available from Microsoft:
- Switch to a browser such as Opera, Mozilla, Netscape, Safari, or Firefox.
THESE BROWSERS ARE NOT 100% IMMUNE: When they encounter a WMF file, they’ll ask if you would like to open it. If you are unsure of the origin of the file, do not open it. Also make sure your browser isn’t configured to automatically open WMF files.
- If you are an expert that knows exactly what you’re doing and you know Internet Explorer’s security settings inside out, then make sure Internet Explorer is hardened to prevent this from happening. If you’re not, use an alternate browser as your primary means of getting around the web.
- Do not click on WMF files found on your system. Windows Explorer is designed to parse files when you click on it to provide information about the file on the hover tooltip. This parsing routine will cause the program code in the WMF file to execute.
- Do not use Thumbnail view in Explorer, for the same reason as above: Windows needs to parse the file in order to generate a thumbnail; the process will trigger the code in WMF.
- Because Windows XP also parses file headers to discover file type information, the harmful WMF file could be renamed to any image format (.GIF, .JPG, .PNG, etc.). Windows will still see the file as a WMF file from the header, and parse it as a WMF file, thus triggering the code. Therefore, do not trust images from strangers – don’t open them, don’t click on them, etc.
- If you do not have anti-virus software installed on your system, you need to do so – and keep it updated. Popular antivirus software packages include:
- If you DO have Anti-Virus software installed on your system, make sure it’s up to date, and that your subscription to virus definitions is current.
- If your system supports DEP (Data Execution Prevention), please enable its support in Windows XP (Control Panel->System; click on Advanced tab, click on the “Settings” button under the Performance tab, click on the “Data Execution Prevention” tab, and turn it on. You can see if DEP is supported through hardware by reading the text at the bottom of the dialog box.)
- Disable the Windows Fax & Image viewer extension. Go to start->run, and type in regsvr32 /u shimgvw.dll, and click OK. You’ll see a window pop up – click OK on that window and the extension will be disabled.
On the HG side, we will convert all user-posted images on the forums to links until a patch is released by Microsoft. Since there will always be people who can’t / won’t update their machines for various reasons (laziness, warezed windows install, they’re on dialup, etc.), this temporary measure only helps to stop the initial wave of exploiters and give users a chance to be exposed to news of the problem and a chance to patch their system.
Up-to-date information can be found at the following web pages:
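Added example, not part of the quoted post: the point about renamed files can be checked on a folder of downloads or uploads by looking at the header instead of the extension. The function names and sample bytes below are constructed for illustration; the match is a heuristic on the standard WMF header fields and the optional placeable prefix, so a hit means "inspect or quarantine", not proof of an exploit.

```python
import struct
from pathlib import Path

# Placeable-WMF prefix key 0x9AC6CDD7, stored little-endian, followed by 18 more bytes.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
PLACEABLE_LEN = 22

# Constructed sample headers (not real files): a bare WMF header and a GIF signature.
SAMPLE_WMF = struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12
SAMPLE_GIF = b"GIF89a" + b"\x00" * 12

def looks_like_wmf(data: bytes) -> bool:
    """True if the leading bytes match a WMF header, with or without the placeable prefix."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]
    if len(data) < 6:
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in words (9), version.
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def classify(name: str, head: bytes) -> str:
    """Return 'ok', 'wmf', or 'disguised-wmf' when the extension hides a WMF header."""
    if not looks_like_wmf(head):
        return "ok"
    return "wmf" if Path(name).suffix.lower() == ".wmf" else "disguised-wmf"

def scan(directory: str):
    """Yield (path, verdict) for every file under directory whose header is WMF."""
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(PLACEABLE_LEN + 18)
            verdict = classify(path.name, head)
            if verdict != "ok":
                yield str(path), verdict

if __name__ == "__main__":
    for name, head in [("photo.jpg", SAMPLE_WMF), ("chart.wmf", SAMPLE_WMF),
                       ("banner.gif", SAMPLE_GIF)]:
        print(name, classify(name, head))
```
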