Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

#1 01-05-2006, 04:35 PM

X-post to Security, Security.Homeusers, IE6 & WinXP General newsgroups.
Followup set to microsoft.public.security.

Microsoft Security Advisory (912840): Vulnerability in Graphics
Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/sec...ry/912840.mspx

Welcome to the Microsoft Security Response Center Blog!
New Security Advisory for Possible Windows Vulnerability
http://blogs.technet.com/msrc/archiv...29/416569.aspx
--
~PA Bear

#2 01-05-2006, 04:35 PM

Here's a way to avoid the risk altogether:

http://geekswithblogs.net/lorint

"PA Bear" wrote:

> X-post to Security, Security.Homeusers, IE6 & WinXP General newsgroups.
> Followup set to microsoft.public.security.
>
> Microsoft Security Advisory (912840): Vulnerability in Graphics
> Rendering Engine Could Allow Remote Code Execution
> http://www.microsoft.com/technet/sec...ry/912840.mspx
>
> Welcome to the Microsoft Security Response Center Blog!
> New Security Advisory for Possible Windows Vulnerability
> http://blogs.technet.com/msrc/archiv...29/416569.aspx
> --
> ~PA Bear
>
>

#3 01-05-2006, 04:35 PM

The work-around is also posted on the MS security advisory that PA Bear
posted.

Tom
"Lorin Thwaits" <Lorin Thwaits@discussions.microsoft.com> wrote in message
news:0D495E47-39D5-44B9-A58D-263DC3367C69@microsoft.com...
| Here's a way to avoid the risk altogether:
|
| http://geekswithblogs.net/lorint
|
|
|
| "PA Bear" wrote:
|
| > X-post to Security, Security.Homeusers, IE6 & WinXP General newsgroups.
| > Followup set to microsoft.public.security.
| >
| > Microsoft Security Advisory (912840): Vulnerability in Graphics
| > Rendering Engine Could Allow Remote Code Execution
| > http://www.microsoft.com/technet/sec...ry/912840.mspx
| >
| > Welcome to the Microsoft Security Response Center Blog!
| > New Security Advisory for Possible Windows Vulnerability
| > http://blogs.technet.com/msrc/archiv...29/416569.aspx
| > --
| > ~PA Bear
| >
| >

#4 01-05-2006, 04:35 PM

Hmmm, if it was out there before then it isn't there anymore. The strongest
protection I see mentioned is to enable Enhanced Security Configuration. I
still recommend this solution:

http://geekswithblogs.net/lorint

"Tom [Pepper] Willett" wrote:

> The work-around is also posted on the MS security advisory that PA Bear
> posted.
>
> Tom
> "Lorin Thwaits" <Lorin Thwaits@discussions.microsoft.com> wrote in message
> news:0D495E47-39D5-44B9-A58D-263DC3367C69@microsoft.com...
> | Here's a way to avoid the risk altogether:
> |
> | http://geekswithblogs.net/lorint
> |
> |
> |
> | "PA Bear" wrote:
> |
> | > X-post to Security, Security.Homeusers, IE6 & WinXP General newsgroups.
> | > Followup set to microsoft.public.security.
> | >
> | > Microsoft Security Advisory (912840): Vulnerability in Graphics
> | > Rendering Engine Could Allow Remote Code Execution
> | > http://www.microsoft.com/technet/sec...ry/912840.mspx
> | >
> | > Welcome to the Microsoft Security Response Center Blog!
> | > New Security Advisory for Possible Windows Vulnerability
> | > http://blogs.technet.com/msrc/archiv...29/416569.aspx
> | > --
> | > ~PA Bear
> | >
> | >
>
>
>

#5 01-05-2006, 04:35 PM

> The work-around is also posted on the MS security advisory that PA Bear
> posted.

Is it? I dont see any workaround on
http://www.microsoft.com/technet/sec...ry/912840.mspx

SH

#6 01-05-2006, 04:35 PM

It's under "Suggested Actions"

Tom
"Stephen Howe" <stephenPOINThoweATtns-globalPOINTcom> wrote in message
news:%23PDxfWIDGHA.3876@tk2msftngp13.phx.gbl...
|> The work-around is also posted on the MS security advisory that PA Bear
| > posted.
|
| Is it? I dont see any workaround on
| http://www.microsoft.com/technet/sec...ry/912840.mspx
|
| SH
|
|

#7 01-05-2006, 04:35 PM

It's under "Suggested Actions"

Tom
"Lorin Thwaits" <Lorin Thwaits@discussions.microsoft.com> wrote in message
news:98B0BB9C-AAFB-4DD5-935D-335E23C2C130@microsoft.com...
| Hmmm, if it was out there before then it isn't there anymore. The
strongest
| protection I see mentioned is to enable Enhanced Security Configuration.
I
| still recommend this solution:
|
| http://geekswithblogs.net/lorint
|
|
| "Tom [Pepper] Willett" wrote:
|
| > The work-around is also posted on the MS security advisory that PA Bear
| > posted.
| >
| > Tom
| > "Lorin Thwaits" <Lorin Thwaits@discussions.microsoft.com> wrote in
message
| > news:0D495E47-39D5-44B9-A58D-263DC3367C69@microsoft.com...
| > | Here's a way to avoid the risk altogether:
| > |
| > | http://geekswithblogs.net/lorint
| > |
| > |
| > |
| > | "PA Bear" wrote:
| > |
| > | > X-post to Security, Security.Homeusers, IE6 & WinXP General
newsgroups.
| > | > Followup set to microsoft.public.security.
| > | >
| > | > Microsoft Security Advisory (912840): Vulnerability in Graphics
| > | > Rendering Engine Could Allow Remote Code Execution
| > | > http://www.microsoft.com/technet/sec...ry/912840.mspx
| > | >
| > | > Welcome to the Microsoft Security Response Center Blog!
| > | > New Security Advisory for Possible Windows Vulnerability
| > | > http://blogs.technet.com/msrc/archiv...29/416569.aspx
| > | > --
| > | > ~PA Bear
| > | >
| > | >
| >
| >
| >

#8 01-05-2006, 04:35 PM

> It's under "Suggested Actions"

No it is not. Those, in the strictest sense, do not prevent you getting
inadvertently infected. None of them do. A "workaround" would prevent you
getting infected. That is the normal meaning of the word "workaround".

Here is a workaround:

Run
regsvr32 /u shimgvw.dll

Stephen Howe

#9 01-05-2006, 04:36 PM

Stephen Howe wrote:
>> It's under "Suggested Actions"
>
> No it is not. Those, in the strictest sense, do not prevent you
> getting inadvertently infected. None of them do. A "workaround" would
> prevent you getting infected. That is the normal meaning of the word
> "workaround".
>
> Here is a workaround:
>
> Run
> regsvr32 /u shimgvw.dll
>
> Stephen Howe

Click on the plus sign beside Suggested Actions, then click on the plus sign
beside Workarounds. It is there.

Kerry

#10 01-05-2006, 04:36 PM

Stephen Howe wrote:

> > It's under "Suggested Actions"
>
> No it is not. Those, in the strictest sense, do not prevent you getting
> inadvertently infected. None of them do. A "workaround" would prevent you
> getting infected. That is the normal meaning of the word "workaround".
>
> Here is a workaround:
>
> Run
> regsvr32 /u shimgvw.dll
>
> Stephen Howe

The advice to unregister shimgvw.dll is indeed in the originally-posted MS
article. However, in true MS fashion, it is hidden several layers deep. You
have to click on the + to expand "Suggested Actions," then click on the +
next to "Workarounds" and finally, click on the + next to "Un-register the
Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1;
Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003
Service Pack 1"

--
p

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
MS Security Bulletin MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)	PA Bear	Internet Explorer 6	0	01-05-2006 11:15 PM
Re: Microsoft Security Advisory (912840): Vulnerability in Graphics Re	Stephen Howe	Windows XP General	8	01-05-2006 02:28 AM
Re: Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution	Kerry Brown	Windows XP General	1	01-05-2006 02:25 AM
Re: Microsoft Security Advisory (912840): Vulnerability in Graphics Re	PA Bear	Windows XP General	0	01-05-2006 02:25 AM
Re: Microsoft Security Advisory (912840): Vulnerability in Graphic	Tom [Pepper] Willett	Windows XP General	0	01-05-2006 02:24 AM