Microsoft has issued a Security
Advisory (912840) concerning the recent WMF vulnerability exploit. Microsoft
also confirmed the REGSVR32 workaround as a viable solution to protect your PC
until they have had time to fully research the vulnerability and issue a patch. The following is a quote from the Microsoft Security Advisory.
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "
regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer. To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%/system32/shimgvw.dll" (without the quotation marks).
Antivirus and Security Experts at F-Secure advise that this method is more secure than simply filtering WMF content, as many types of image files (.GIF, .BMP, .JPG, .TIF, etc...) could be used in this exploit. F-Secure warns that to date they have only experienced spyware and fake antispyware / antivirus installations with this exploit but that more serious infections may be coming soon.
View: F-Secure WMF Vulnerability Update
News source: Microsoft Security Advisory 912840