Windows vulnerability

Moderator: The Mod Squad

Postby evasive » Wed Jan 05, 2011 2:20 am

there's a biggy out there once again:
http://www.microsoft.com/technet/securi ... 90606.mspx

and just disabling the dll is about the most crude solution I have seen so far... something really wrong there...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby fussnfeathers » Wed Jan 05, 2011 6:28 am

Doesn't affect Win 7 or the latest Server 2008, just XP, Vista, and the older server OS's. Still a nasty one, though.
fussnfeathers
Mobo-fu Master
Posts: 3147
Joined: Thu Dec 04, 2008 8:25 pm
Location: Right behind you

Postby bdub » Wed Jan 05, 2011 11:41 am

http://www.politicalwrinkles.com/tech-h ... tc-14.html

"Workarounds

Workaround refers to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

• Modify the Access Control List (ACL) on shimgvw.dll

To modify the ACL on shimgvw.dll to be more restrictive, run the following commands from a command prompt as an administrator:

For 32-bit editions of Windows XP and Windows Server 2003:

Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N

For 64-bit editions of Windows XP and Windows Server 2003:

Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N
Echo y| cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /P everyone:N

For 32-bit editions of Windows Vista and Windows Server 2008:

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)

For 64-bit editions of Windows Vista and Windows Server 2008:

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
takeown /f %WINDIR%\SYSWOW64\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL32.TXT
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL64.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /deny everyone:(F)

Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly.

How to undo the workaround:

Run the following commands from a command prompt as an administrator:

For 32-bit editions of Windows XP and Windows Server 2003:

cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone

For 64-bit editions of Windows XP and Windows Server 2003:

cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone
cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /R everyone

For 32-bit editions of Windows Vista and Windows Server 2008:

icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL.TXT

For 64-bit editions of Windows Vista and Windows Server 2008:

icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL32.TXT
icacls %WINDIR%\SYSWOW64 /restore %TEMP%\SHIMGVW_ACL64.TXT"
bdub
Black Belt 3rd Degree
Posts: 3657
Joined: Wed Feb 19, 2003 2:12 am
Location: Washington D.C.
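
Added example, not part of the thread or of Microsoft's advisory: a read-only PowerShell check that reports whether the deny ACE from the workaround quoted above is present on shimgvw.dll, and whether the ACL backup that the icacls undo step depends on can still be found. It assumes PowerShell 2.0 or later is installed and that it is run elevated by the same user who applied the workaround.

```powershell
# Read-only audit of the shimgvw.dll ACL workaround quoted above; changes nothing.
# Assumptions: PowerShell 2.0+, elevated prompt, 64-bit PowerShell on 64-bit Windows
# (a 32-bit process has System32 redirected to SysWOW64).
$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [int][System.Security.AccessControl.FileSystemRights]::FullControl

# DLL path -> ACL backup names used by the quoted "icacls /save" commands.
$targets = @(
    @{ Dll = "$env:WINDIR\System32\shimgvw.dll"; Backups = @('SHIMGVW_ACL.TXT', 'SHIMGVW_ACL32.TXT') },
    @{ Dll = "$env:WINDIR\SysWOW64\shimgvw.dll"; Backups = @('SHIMGVW_ACL64.TXT') }
)

foreach ($t in $targets) {
    # The SysWOW64 copy exists only on 64-bit editions.
    if (-not (Test-Path $t.Dll)) { continue }

    try {
        $acl  = Get-Acl -Path $t.Dll -ErrorAction Stop
        # Explicit (non-inherited) ACEs, with identities returned as SIDs so that
        # "Everyone" (S-1-1-0) matches regardless of the Windows display language.
        $deny = @($acl.GetAccessRules($true, $false, $sidType) | Where-Object {
            $_.IdentityReference.Value -eq 'S-1-1-0' -and
            $_.AccessControlType -eq 'Deny' -and
            ([int]$_.FileSystemRights -band $full) -eq $full
        })
        $state = if ($deny.Count -gt 0) { 'deny ACE for Everyone present' } else { 'workaround NOT applied' }
    } catch {
        # A full-control deny for Everyone can also block reading the ACL itself
        # for any account that is not the file owner.
        $state = "ACL unreadable ($($_.Exception.Message))"
    }

    # The icacls undo step needs the saved ACL, which sits in the %TEMP% of
    # whoever ran "icacls /save". The cacls (XP/2003) variant saves no backup.
    $backup = @($t.Backups | Where-Object { Test-Path (Join-Path $env:TEMP $_) })
    $undo = if ($backup.Count -gt 0) { "backup found: $($backup -join ', ')" } else { 'no icacls backup in this %TEMP%' }

    "{0}: {1}; {2}" -f $t.Dll, $state, $undo
}
```

A missing backup on Vista or Server 2008 means the quoted `icacls /restore` undo will not work as written, so copy the saved ACL files out of %TEMP% before anything cleans that directory.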

