Thursday, December 29, 2005

Windows 0-day exploit found on Web

Ok people - be VERY careful!

Do not visit websites you don't know, do not click on any links in emails or IM messages, and if you can possibly avoid it, don't even open any emails that you are not 100% sure of.

An HTML email can send you to an infected website automatically and infect your system no matter what patches, anti-virus, or other precautions you may have taken. Right through a firewall.

This is a bad one.

The only way to be safe (relatively safe, anyway) is to open a command window with start/run, then entering the following:

regsvr32 -u %windir%\system32\shimgvw.dll

and hitting enter. This will disable the part of windows that is vulnerable, but will also disable the part of windows that allows thumbnails of pictures and several other functions.

I hate these guys that write exploit code and post it publicly. They should be flogged to death.

As always, keep your anti-virus up to date, as well as your anti-spyware software and all microsoft patches. It's better than nothing, even if they won't protect you against this problem until MS gets off its butt and puts out a patch.