There is a lot information about the WMF vulnerability around, a few additional comments on that:
Microsoft has updated the security bulletin:http://www.microsoft.com/technet/security/advisory/912840.mspx
The important part is, that it is planed to release the patch next Tuesday:
"Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing."
On the web there are different sites referring to a third-party fix. At the end, it is your risk assessment where you have to decide what to do. Basically you have to understand the risks of such third-party fixes. We know of this problem since about two weeks. Since this time our teams works 24*7 to deliver a resolution to it, means: analyzing the problem, developing a fix and - probably most important – testing it to make sure that it meets our quality bar. Now, there seems to be a team out there – if your read the blogs – which has done the same in a few hours... This has definitely to be part of you risk assessment.
Temporary workaround:Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll", and click OK.(without the quotation marks...)(A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.)
Beside most antivirus/spyware tools, our online service will help to detect currently known malware:Windows Live Safety Centerhttp://safety.live.com/site/en-US/default.htm
Urs & Roger
U swiss guys r on top of it - go go 01100110
Hello everyone, wanna be part of some kind of community, possible here? anyone here?