For those without Windows 2003 Server GPO to help them out with the Windows Meta File Vulnerability, there is a more localized solution. The most effective and practical way to protect your machine is to unregister, effectively disabling, the Image and Fax Viewer service. (Although this has not yet been proven to be one 100% effective, unregistering the service will stop the greatest vector of the threat.) Unregistering the Image and Fax Viewer will also disable the thumbnail view in Windows Explorer and may cause problems changing user accounts and desktop background pictures. The consensus in the IT community is that the loss of these services seems to be a small price to pay, given the vulnerability.

In order to unregister the Image and Fax Viewer service, do the following on a workstation (Windows 2000 and XP only):

1. Go to Start -> Run
2. Paste the following in the Open Field: regsvr32 -u %windir%\system32\shimgvw.dll
3. Click OK.
4. A little window will pop up saying that this command succeeded. Click Ok.

On January 10th, Microsoft intends to launch a patch to fix this problem. At that point, the change can be undone by simply replacing the text in step 2 with: regsvr32 %windir%\system32\shimgvw.dll

Additional Reading:
http://news.com.com/Windows+flaw+spawns+dozens+of+attacks/2100-7349_3-6016140.html?tag=nefd.lede
http://www.kb.cert.org/vuls/id/181038

Advertisements