WMF vulnerabilty

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
Joined
Jul 12, 2004
Messages
805
Steve Gibson's site is most definitely legit. However, there is a great difference of opinion on whether or not folks should install this non-Microsoft 3rd party patch. You might want to Google for "wmf vulnerability" and read a few of the sites/forums where this is being discussed.

This "hole" has existed all along, back as far as Win ME. My feeling is that I'll wait till MS decides to come out with a patch to fix it, if they do. I'm not too hip on this "fix" that is going around. However, that's just my unlearned opinion. Others with much more knowledge than I possess on this manner are recommending the patch. You'll have to research it and decide for yourself.

Luck!

~Eric
 
Joined
Sep 12, 2003
Messages
20,583
julilu said:
I received an email today requesting me to go to this website: http://www.grc.com/sn/notes-020.htm and download a patch to protect my computer from a WMF vulnerability. Before I do that, I'd like to know if this is legit. Thanks.
Hi julilu,

While Eric makes a point, I have personally experienced the intrusion which was detected by my PC-Cillin Internet Security 2005 notifying me of the WMF malware trying to enter my computer which was quarantined before I had a chance to cancel a download (which I didn't request) but poped-up as I was surfing and would have installed it.

The message is "Keep your AV up-to-date". If you use AVG free or subscribe to AVG paid, I would apply the patch to it in order to keep your computer safe - no telling when MS will get a round tuit!

-- Tom
 
Joined
Nov 29, 2005
Messages
86
Are we talking about 'exploit.win32.wmf', i have had the same type of e-mail from A-squared?, sorry, pure novice here.

Have done a full scan with everything i've got, so far nothing found, is it a serious threat?.
 
Joined
Sep 12, 2003
Messages
20,583
cool breeze said:
Are we talking about 'exploit.win32.wmf', i have had the same type of e-mail from A-squared?, sorry, pure novice here.
Have done a full scan with everything i've got, so far nothing found, is it a serious threat?.
Hi coolbreeze,

Long story short, yes! Look for a Windows Update fix on Jan 10, 2006 - i.e. 2nd Tuesday of month or Windows Update Tuesday.

Check here for long story on Microsoft Security Advisory (912840).

-- Tom
 
Joined
Nov 29, 2005
Messages
86
Hi Lotus,
THAT was some read, me thinks i'm pretty safe on that as i only visit sites that i'm used to, well 99% of the time, the 1% is the dodgy one. keeping fingers crossed till the 10th.

Cheers for the info.

Also done the regsvr -u shimgvw.dll as recommended.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top