Install Microsoft’s WMF patch

Microsoft released on Jan. 5 an emergency patch, named MS06-001, which corrects Windows’ so-called WMF (Windows metafile) vulnerability. A WMF exploit can silently infect a PC when it merely displays an image in any browser, instant messaging, P2P, e-mail, or in a directory listing in Windows Explorer; when desktop-search applications index an infected image file; and in other ways.

I published a special news update earlier in the week urging readers to install an unofficial patch for this problem. This workaround was also strongly recommended by F-Secure, the SANS Institute’s Internet Storm Center (ISC), and several other security sites.

Readers should now install the official patch instead, following the steps I describe below.

It’s highly unusual for Microsoft to release a patch on a date other than the 2nd Tuesday of each month. In fact, Microsoft had originally announced that it would not release a solution for the WMF hole, which was being actively exploited on the Internet, until Jan. 10.

Microsoft’s decision to reverse itself and release the patch out-of-cycle is to be commended. This action reinforces my belief that the WMF hole was so serious that Windows users needed to protect themselves immediately and not wait a week or more for an official Microsoft patch.

The unofficial patch, by Belgian developer Ilfak Guilfanov, was not the only workaround that became available to Windows users in recent days. Microsoft itself suggested in its Dec. 28 security advisory 912840 (which has now been mostly deleted) that users deregister Shimgvw.dll, a vulnerable file. In addition, an unauthorized version of the MS06-001 patch was leaked on some Web sites.

I recommend that individual PC users take the following steps. The procedure I describe below helps you install the official Microsoft patch without problems, regardless of which of the above workarounds, if any, you used. (Information for corporations on scripting patches to install them across a network is available from the ISC.)

Step 1. Reboot your PC. This will remove any infected images that may remain in your PC’s memory.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2006-01-06: