Protection from critical WMF vulnerability

[Important update 12/30/2005 4:10 AM:  Registry patch does not work!]  With the recent zero-day WMF vulnerability on the loose dropping spyware left and right on fully patched Windows XP SP2 computers, you better apply this workaround from Jerome Athias now!

[Important update 12/30/2005 4:10 AM:  Registry patch does not work!]  With the recent zero-day WMF vulnerability on the loose dropping spyware left and right on fully patched Windows XP SP2 computers, you better apply this workaround from Jerome Athias now!  The workaround has two registry modifications to disable and re-enable the vulnerability ("disable" will protect you).  Jerome also posted command line commands to disable/enable the vulnerability but you probably don't want to go with this option because it will prevent image thumbnails from working in Windows File Explorer while the registry modification doesn't have this adverse effect[Update: I must apologize to all of my readers for jumping the gun yesterday afternoon and I should not have linked to this registry modification just because other sites were linking to it too.  I was too eager to give you a solution for this critical vulnerability and should have checked the fix more carefully given the fact that it was not an official source.  I just personally verified that Jerome Athias' registry fix DOES NOT work!  Please do not use it thinking you're protecting yourself against the WMF vulnerability.  More details on the right way and wrong way to protect yourself here.]

You'll note the title of Mr. Athias' workaround as "Someone wasted a nice bug on spyware".  I couldn't agree more and it's a good thing that such a vulnerability was "wasted" although the timing of the proof-of-concept code release before the arrival of an official patch from Microsoft is horrible.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All