If you haven’t noticed, or had the time to fix this exploit, here’s a quick step-by-step to address the Windows Meta File vulnerability, using Windows Server 2003 and Group Policy, before Microsoft issues a patch for it on January 10.

1. Open the Editor for your Group Policy Object.
2. Expand “Computer Configuration”, by clicking on the plus sign to the right of it, expand “Windows Settings” and expand “Security Settings.”
3. Expand “Software Restriction Policies” and then click “Add Software Restriction Policies” and create a path restriction under the folder “Additional Rules.”
4. Type in: %systemroot%\system32\shimgvw.dll

And click ok. And exit out of your GPO Editor.

This will stop the shimgvw.dll from running on whatever is the system root drive, typically the C: drive.

The Group Policy will be in effect the next time it is pushed or pulled to your users desktops. Just to be sure you might want to tell them to logout tonight, in light of the vulnerability.

Background reading:
Microsoft’s “Using Software Restriction Policies to Protect Against Unauthorized Software

Advertisements