As of the evening of January 5, 2006, an official patch from Microsoft is available to address the WMF vulnerability.
If you run Windows 2000, Windows XP, or Windows Server 2003 and have set your systems up to receive patches automatically, it should come through soon if it hasn't already; you can also go directly to Windows Update (using Internet Explorer) and download the relevant patch.
Now, let's suppose that you followed our earlier advice (which was based on the best advice available from security mavens we trust) and installed the temporary, "unofficial" patch. In this case, *after* you install the Microsoft patch and reboot your machine, you should do the following:
- Go to Start --> Control Panel --> Add or Remove Programs and remove the temporary fix (it appears in the list as "Windows WMF Vulnerability HotFix 1.2" or something similar to this.)
- Re-register the DLL that you temporarily disabled, by going to Start --> Run and typing the following in the dialog box:
regsvr32 %windir%\system32\shimgvw.dll
Related articles:
No comments:
Post a Comment