Saturday, December 31, 2005

ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS

Security Now! Notes for Episode #20: "regsvr32 -u shimgvw.dll" This is from Steve Gibson from www.GRC.com
This fix is temporary, until Microsoft comes out with a patch Steve has an undo for it if it breaks anything.
To immediately disable the vulnerable Windows component:

Logon as a user with full administrative rights.

Click the Windows "Start" button and select "Run..."

Enter the following string into the "Open" field:



regsvr32 -u shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)

Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.

1 comment:

  1. wow, I posted that as a comment on Jack's original post about this exploit. Reading the blog, is a highly recommended thing :P~

    ReplyDelete

All comments are moderated.

Note: Only a member of this blog may post a comment.