2) Combined those sigs with SunBelt's Free (or Full) Kerio Firewall, to help block and detect the WMF exploit. Get the how-to on the SunBeltBlog.
3) Disabling the library that contains the vulnerability will also work. From the ISC/SAN website. FYI - Infocon = Green
The vulnerability seems to be within SHIMGVW.DLL. Unregistering this DLL (type REGSVR32 /U SHIMGVW.DLL at the command prompt or in the "Start->Run" Window, then reboot) will resolve most of the vulnerability, but will also break your Windows "Picture and Fax Viewer", as well as any ability of programs like "Paint" and "Explorer" to display thumbnails of any picture and real (benign) WMF files.
No comments:
Post a Comment