Neil Turner's Blog

Blogging about technology and randomness since 2002

Temporary fix for Windows WMF Vulnerability

Via F-Secure is a temporary fix for the WMF vulnerability which does not restrict Windows functionality. Microsoft’s current suggested workaround involves disabling the Windows Picture and Fax Viewer, which you may not want to do if you actually use that program.
This fix patches a system DLL to prevent the vulnerable function from working, so that you can use WMF files safely. To get it to work, download the file, install it and then reboot.
It is, however, only a ‘temporary’ fix and the author suggests removing it when Microsoft releases an official patch. The next round of Windows patches is due on January 10th, so this patch will tide you over until then (or earlier if MS manages to get something done quicker).
Note, however, that you may not even be vulnerable to the WMF exploit. If you are using a processor that supports hardware DEP (Data Execution Prevention), then the vulnerability cannot be exploited on your machine. As far as I know, AMD Athlon 64 processors, plus other very recently launched processors from AMD and Intel, support this extension. Sunbelt Blog has details about how to tell if your system has hardware DEP. You will need to change the settings from “Turn on DEP for essential Windows programs and services only” to “Turn on DEP for all programs and services except those I select” to be properly protected, and it will only work if Windows doesn’t warn you that your computer does not support hardware DEP.
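The two DEP conditions described above can also be read from WMI instead of the System Properties dialog. The script below is an added example, not part of the original post or the F-Secure fix; the function name `Test-DepCoverage` is hypothetical, and it assumes PowerShell 3.0 or later on a Windows version that exposes the `DataExecutionPrevention_*` properties of `Win32_OperatingSystem`.

```powershell
# Added example (not from the original post). Checks the two conditions the
# post describes: hardware DEP is present, and DEP covers all programs.
function Test-DepCoverage {
    param(
        [Parameter(Mandatory)] [bool] $HardwareDepAvailable,
        [Parameter(Mandatory)] [int]  $SupportPolicy
    )

    # Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy,
    # with the matching dialog wording for the two user-selectable modes.
    $policyNames = @{
        0 = 'AlwaysOff'
        1 = 'AlwaysOn'
        2 = 'OptIn (essential Windows programs and services only)'
        3 = 'OptOut (all programs and services except those I select)'
    }
    $name = $policyNames[$SupportPolicy]
    if (-not $name) { $name = "Unknown ($SupportPolicy)" }

    # AlwaysOn and OptOut both apply DEP to ordinary applications;
    # OptIn only protects Windows system components.
    $coversAllPrograms = $SupportPolicy -in 1, 3

    [pscustomobject]@{
        HardwareDep       = $HardwareDepAvailable
        Policy            = $name
        CoversAllPrograms = $coversAllPrograms
        MeetsPostAdvice   = $HardwareDepAvailable -and $coversAllPrograms
    }
}

# Query the local machine and evaluate it.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Test-DepCoverage -HardwareDepAvailable $os.DataExecutionPrevention_Available `
                 -SupportPolicy $os.DataExecutionPrevention_SupportPolicy
```

Under the OptOut policy, any program placed on the exception list still runs without DEP, so a `MeetsPostAdvice` value of `True` does not cover those programs.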

One Comment

  1. That “fix” does break your ability to view thumbnails in XP, which many graphic artists use as part of Explorer (e.g. open a folder and view your thumbnails).
    Some external programs can replace that functionality (and do it better) but that is something many are accustomed to that they will lose.
    The patch is out by now, however.