Be Careful of WMF Files and Images

January 2nd, 2006

Well, it looks like there is a new serious vulnerability out in the woods, children, and this one is bad to the bones. Based on the vulnerability announced by Microsoft, browsing the web is not safe anymore, regardless of the browser. Microsoft will certainly come up with a thoroughly tested fix for it in the future, but meanwhile developers have come up with their own patch.

The first thing you’ll want to do is disable the Windows Picture and Fax Viewer. To do this, follow these steps:
1) Click Start, click Run, type
“regsvr32 -u %windir%\system32\shimgvw.dll”
(without the quotation marks), and then click OK.
2) A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Outcome: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To restart the service, re-register Shimgvw.dll by following the above steps, replacing the text in Step 1 with
“regsvr32 %windir%\system32\shimgvw.dll”
(without the quotation marks).

The next step you can take is to add the following IP ranges to the block list in your router, as outlined by the SANS Internet Storm Center:
InterCage Inc.: 69.50.160.0/19 (69.50.160.0 – 69.50.191.255)
Inhoster: 85.255.112.0/20 (85.255.112.0 – 85.255.127.255)
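
To see whether any machine on your network already reached those ranges before the block went in, the added example below (not part of the original post or of the SANS guidance) scans connection logs for destinations inside the two networks and confirms that each CIDR matches the dotted range listed above. The log format and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Ranges taken from the block list above.
BLOCKED = {
    "InterCage Inc.": ipaddress.ip_network("69.50.160.0/19"),
    "Inhoster": ipaddress.ip_network("85.255.112.0/20"),
}

# Constructed sample lines in an assumed "time src -> dst:port action" format.
SAMPLE_LOG = """\
2006-01-02T09:14:03 192.168.1.20 -> 69.50.191.255:80 ALLOW
2006-01-02T09:14:09 192.168.1.20 -> 69.50.192.1:80 ALLOW
2006-01-02T09:15:41 192.168.1.33 -> 85.255.112.0:80 ALLOW
2006-01-02T09:16:02 192.168.1.33 -> 85.255.128.7:443 ALLOW
2006-01-02T09:17:55 192.168.1.41 -> 999.1.2.3:80 ALLOW
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> ([0-9.]+):(\d+) (\w+)$")

def range_bounds(net):
    """First and last address of a network, as dotted strings."""
    return str(net.network_address), str(net.broadcast_address)

def find_hits(log_text):
    """Return (time, internal host, destination, owner) for every line whose
    destination is inside a blocked range. Malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, src, dst, _port, _action = m.groups()
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:  # not a valid IPv4 address, e.g. octet above 255
            continue
        for owner, net in BLOCKED.items():
            if addr in net:
                hits.append((when, src, dst, owner))
    return hits

if __name__ == "__main__":
    for owner, net in BLOCKED.items():
        print(owner, net, "%s - %s" % range_bounds(net))
    for hit in find_hits(SAMPLE_LOG):
        print("contacted blocked range:", *hit)
```

Any internal host that shows up in the output is worth a closer look, since it talked to one of the ranges before the router block was in place.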

Finally, you’ll want to get the non-Microsoft patch for this, and again that can be found at the SANS Internet Storm Center. Give this article a read to see what went into the making of this patch.
And get the patch here.

Hope this helps everyone out.

kungfuice Computers, Technology
