> The work-around is also posted on the MS security advisory that PA Bear
> posted.

Is it? I dont see any workaround on
http://www.microsoft.com/technet/sec...ry/912840.mspx

SH

It's under "Suggested Actions"

Tom
"Stephen Howe" <stephenPOINThoweATtns-globalPOINTcom> wrote in message
news:%23PDxfWIDGHA.3876@tk2msftngp13.phx.gbl...
|> The work-around is also posted on the MS security advisory that PA Bear
| > posted.
|
| Is it? I dont see any workaround on
| http://www.microsoft.com/technet/sec...ry/912840.mspx
|
| SH
|
|

> It's under "Suggested Actions"

No it is not. Those, in the strictest sense, do not prevent you getting
inadvertently infected. None of them do. A "workaround" would prevent you
getting infected. That is the normal meaning of the word "workaround".

Here is a workaround:

Run
regsvr32 /u shimgvw.dll

Stephen Howe

Suggested Actions
Workarounds

Microsoft has tested the following workaround. While this workaround will
not correct the underlying vulnerability, it will help block known attack
vectors. When a workaround reduces functionality, it is identified in the
following section.

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows
XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and
Windows Server 2003 Service Pack 1

From the MS Advisory:



To un-register Shimgvw.dll, follow these steps:

1.
Click Start, click Run, type "regsvr32 -u
%windir%\system32\shimgvw.dll" (without the quotation marks), and then click
OK.

2.
A dialog box appears to confirm that the un-registration process has
succeeded. Click OK to close the dialog box.


Impact of Workaround: The Windows Picture and Fax Viewer will no longer be
started when users click on a link to an image type that is associated with
the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps.
Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll”
(without the quotation marks).



Tom

"Stephen Howe" <stephenPOINThoweATtns-globalPOINTcom> wrote in message
news:umNfEnIDGHA.1180@TK2MSFTNGP09.phx.gbl...
|> It's under "Suggested Actions"
|
| No it is not. Those, in the strictest sense, do not prevent you getting
| inadvertently infected. None of them do. A "workaround" would prevent you
| getting infected. That is the normal meaning of the word "workaround".
|
| Here is a workaround:
|
| Run
| regsvr32 /u shimgvw.dll
|
| Stephen Howe
|
|
|
|
|

Stephen Howe wrote:
>> It's under "Suggested Actions"
>
> No it is not. Those, in the strictest sense, do not prevent you
> getting inadvertently infected. None of them do. A "workaround" would
> prevent you getting infected. That is the normal meaning of the word
> "workaround".
>
> Here is a workaround:
>
> Run
> regsvr32 /u shimgvw.dll
>
> Stephen Howe

Click on the plus sign beside Suggested Actions, then click on the plus sign
beside Workarounds. It is there.

Kerry

Stephen Howe wrote:

> > It's under "Suggested Actions"
>
> No it is not. Those, in the strictest sense, do not prevent you getting
> inadvertently infected. None of them do. A "workaround" would prevent you
> getting infected. That is the normal meaning of the word "workaround".
>
> Here is a workaround:
>
> Run
> regsvr32 /u shimgvw.dll
>
> Stephen Howe

The advice to unregister shimgvw.dll is indeed in the originally-posted MS
article. However, in true MS fashion, it is hidden several layers deep. You
have to click on the + to expand "Suggested Actions," then click on the +
next to "Workarounds" and finally, click on the + next to "Un-register the
Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1;
Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003
Service Pack 1"



--
p

> The advice to unregister shimgvw.dll is indeed in the originally-posted MS
> article. However, in true MS fashion, it is hidden several layers deep.
You
> have to click on the + to expand "Suggested Actions," then click on the +
> next to "Workarounds" and finally, click on the + next to "Un-register the
> Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1;
> Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003
> Service Pack 1"

Yeah your right. Sorry. I missed all those level of +'s

Stephen Howe

"Lem" <lemp40@hotmail.com> wrote in message
news:43B3FFEB.297EEB3D@hotmail.com...

> > Here is a workaround:
> >
> > Run
> > regsvr32 /u shimgvw.dll
> >
> > Stephen Howe
>
> The advice to unregister shimgvw.dll is indeed in the originally-posted MS
> article. However, in true MS fashion, it is hidden several layers deep.
You
> have to click on the + to expand "Suggested Actions," then click on the +
> next to "Workarounds"

I have to agree. I read those security articles religiously, and I missed
the workaround as well. Apparently I'm far from the only one that missed
this. This could be done better.

> > > regsvr32 /u shimgvw.dll


Was just looking at the option of putting this into the logon script,
however I notice that it also breaks quite a bit of the Explorer
functionality in relation to other types of images, and it's the kind of
functionality that is heavily relied-on by the less computer-literate users.
This point might need to be carefully evaluated before rolling-out, to avoid
disruption.