Security Alerts
January 5, 2006
Microsoft Releases Patch for Critical "WMF" Vulnerability
Summary
On Jan 5, 2006, Microsoft issued an early release of a critical security update in response to publicly circulating exploits of the Windows "WMF" vulnerability.
All current versions of Windows are affected by the vulnerability patched in this update. This vulnerability can result in system-level compromise, possibly without direct user interaction.
What to Do
Windows users can manually use "Windows Update" to download and install the current operating system patches.
Additionally, it is recommended that all Windows machines have an automated patch management solution installed and configured. Stanford provides BigFix to automatically patch Windows machines; it is available at http://patching.stanford.edu. Alternatively, Windows Automatic Update should be enabled.
Please remember to reboot your machine after patching manually, or when prompted to do so by Windows Update or by your BigFix administrator. Most patches do not take effect until after a reboot.
Undo the Workaround
If you have applied the manual workaround described in the previous security alert and unregistered shimgvw.dll, you should re-register it after your machine has been fully updated and rebooted. The procedure requires that you be logged in with administrative privileges.
- Click Start, click Run, type:
regsvr32 %windir%\system32\shimgvw.dll
and then click OK.
- A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.
Technical Detail
Information regarding this security update is available at http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx.
MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (KB912919)
- Affected platforms:
  - Windows 98, 98SE, ME
  - Windows 2000, all versions
  - Windows XP, all versions
  - Windows Server 2003, all versions
- May be activated by a malicious web page, email, attachment, instant message, or any other channel for transferring a file.
- Exploits are currently circulating on the Internet.
The Information Security Office would like to thank the Windows Systems Team in ITS for their assistance in producing this alert.

