I've been following this thread closely. I have done the regsvr32 command on all my pc's so far. Is this command also safe for a server w/Win2K Server? Thanks, Duncan
On Tue, 03 Jan 2006 17:37 , Bill <[EMAIL PROTECTED]> sent: > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] >[EMAIL PROTECTED]','','','')">[EMAIL PROTECTED] On Behalf Of Robert Turnbull >> Sent: Tuesday, January 03, 2006 2:12 PM >> To: hardware@hardwaregroup.com >> Subject: [H] Windows vulnerability? >> >> From ZDNet: http://blogs.zdnet.com/Ou/index.php\?p=143&tag=nl.e589> >> >> Microsoft's official workaround to unregister a certain DLL file using the >command of "regsvr32 /u shimgvw.dll" at the Start-Run prompt >> seems to also be very effective. Unfortunately, it kills the ability for >Windows Explorer to display thumbnail images but I'm afraid >> we'll have to live without it until an official patch from Microsoft comes >> out >(hopefully next month's patch cycle). There are new >> reports that there are certain cases where this fix doesn't work. MSPaint >> and >Lotus Notes can still be exploited even with this DLL >> unregistered. I think we haven't heard the end of this one yet and there may >be many more applications vulnerable to this exploit but >> the combination of hardware-enforced DEP and unregistering the shimgvw.dll >file seems to be very effective for now. >> >> >> Best to all. >> >> Robert Turnbull, Toronto, Canada >> l, Toronto, Canada > >Good point, however unregistering shimgvw.dll ALONE is currently viewed as >insufficient. >There is speculation that the exploit might perhaps have the ability to >re-register the DLL leaving one vulnerable once again. > >Bill > > > > This email scanned for Viruses and Spam by ZCloud.net