Okay, so this is kinda old news now, but just cos I guess it’s getting to be more and more of a problem, and also cos I know a few of y’all don’t pay ANY ATTENTION TO THE NEWS(!!!), I just wanted to quickly mention this. And for all you Mac users out there who don’t care cos once again, it don’t affect y’all, pffffft:p
I guess in late December, or maybe earlier, I dunno, some smarty pants discovered a bigtime Windows security vulnerability the likes of which haven’t been seen cos it affects every single version of Windows since Windows began (3.1 or something?) and all you have to do is look at pictures/graphics which everyone does everyday. Or something like that. They’re calling it “WMF” (Windows MetaFile) or “Zero Day” if you are keeping up with the news. Anyhows, Microsoft won’t come out with a patch ’til like the 10th, so here are some things you should do before then:
All this stuff is from Microsoft, but I know at least 1 of you (ahem, Kitty) won’t read that.
- Un-register Shimgvw.dll:
- Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK. You can copy and paste.
- A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
- You won’t be able to use Thumbnail view or Microsoft Picture and Fax Viewer afterwards, but I think it’s important enough to be worth the inconvenience.
- If this is too complicated for you, I can send you a batch file that will do it, just mail me at mim*at*nothingedifying*dot*com. Basically, it’s a Windows text file that does the unregistering (cos it has the line I told you to copy and paste in it and nothing else), just double click and then click OK.
- To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks). I can send you a file to do that too. Although I should probably point out that running a batch file you got from some online person is probably not a great idea in general.
- Open up Symantec Antivirus — find and double click on the Symantec Antivirus icon on the bottom right of your screen.
- Find the LiveUpdate button probably on the bottom right of the Antivirus window and click on that. Then it’s a Next Next Next Finish deal. Right now, the latest definitions are from today. If your definitions aren’t from 1/3/2006, they’re behind, take care of it.
Update: Yut says that his are from 12/30/2005 and it won’t update more than that. So maybe that’s ok too. But make sure at least late December or early January.
- Right click on My Computer, choose Properties
- Click on the System Restore tab and make sure things are checked off and whatnot:)
System Restore should automatically create restore points, but if you feel like doing a manual one:
- Go to Start, Program Files, Accessories, System Tools, System Restore.
- Follow the wizard to create a restore point
Thus far, I only know one person who’s been affected by this, so maybe it’s not a big deal. But eh, just in case. Also, next time I visit, I don’t wanna spend all my time reinstalling Windows:p (hi CT:D)
For more information in easily understandable language, check out Security Fix, Brian Krebs’s column/blog on Washingtonpost.com, especially his article from a few days ago New Exploit for Unpatched Windows Flaw. His later articles include stuff about an unofficial patch, but you have to decide for yourself about that one. I installed it on a computer that I have an image for, and it’s been fine, but up to you. And if you do decide to install the unofficial patch, uninstall it before you install the official patch when it comes out.