Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."
I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
We've received many emails from people saying that no one in a corporate environment will find using an unofficial patch acceptable.
Acceptable or not, folks, you have to trust someone in this situation.
To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn't asked for your trust: we've earned it. Now we're going to expend some of that hard-earned trust:
This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice - unregister shimgvw.dll and use the unofficial patch. You need to trust us.
Well, I trust these guys implicitly. And in case you missed it - simply unregistering shimgvw.dll isn't enough. Some malware is capable of reregistering it. And deleting or renaming the dll won't help because Windows File Protection will put it back. There is no official patch from Microsoft but there is one from Ilfak Guilfanov as tested and recommended by the SANS ISC handlers. I am using it here. Do yourself a favour and use it too. Oh, and also block those networks named at the top of yesterday's handlers' diary piece at your firewall.