With Microsoft promising a security update “upon completion of [an] investigation” of the WMF security flaw, there’s currently no vendor-sanctioned fix for the Windows Metafile vulnerability.However, there are ways to protect your system and network from potential attack.“If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems,” according to Microsoft. If not, there are several other defense strategies, including: — Un-register the Windows shimgvw.dll file. The command “regsvr32 -u %windir%system32shimgvw.dll” (without the quotation marks) at the command-line prompt should do this on an individual system. “This workaround is better than just trying to filter files with a WMF extension,” according to security firm F-Secure, since some malicious WM files are being disguised with other file extensions. — Ilfak Guilfanov, “the main author of Interactive Disassembler Pro and…arguably one of the best low-level Windows experts in the world,” F-Secure says, has posted a temporary fix at hexblog.com. Security firm iDefense Inc. says it tested the patch and verified that it’s effective and doesn’t seem to include malicious code, but notes that the patch “is still from an independent source, and not the actual vendor, and should be treated as such.” SANS also says it has “reverse engineered, reviewed and vetted” the fix. Guilfanov recommends uninstalling his workaround once Microsoft issues an official fix.— “Configure Internet Explorer to a HIGH security level,” iDefense suggests in a listing of several protection strategies. — Block several IP addresses that have been associated with malicious activity in the past, according to Johannes Ullrich with SANS. Details are posted on the SANS Internet Storm Centre diary.“WMF exploitation has rapidly become a major threat, especially as the work week resumes after a long holiday weekend,” iDefense spokesman Ken Dunham said in an e-mail advisory. “The situation is rapidly escalating now with hundreds of hostile sites purported, dozens confirmed, and more from public and private data shared to date. …Traditionally, any rapid exploitation on a widespread basis within seven days or less has led to a major meta-event.”For more information on the WMF vulnerability from security vendors and experts:– F-Secure’s blog– Hexblog– Steve Gibson’s explainer of the fix on Hexblog – SANS Internet Storm Center diary– Microsoft’s initial security advisoryBy Sharon Machlis – Computerworld (US online) Related content brandpost Sponsored by Microsoft Security Building an AI strategy for the modern SOC Transforming SOC teams with the power of AI—identify the highest risk areas, cybersecurity maturity, existing architecture and tools, and budgetary constraints…just to name a few. By Microsoft Security May 23, 2024 5 mins Security news Tracking manual attacks may deliver zero-day previews According to analysis from LexisNexis, human-based digital fraud attacks are increasing more quickly than bot-based attacks — a difference CISOs should leverage for their defenses. By Evan Schuman May 23, 2024 4 mins Cyberattacks Fraud Cybercrime news analysis Microsoft amps up focus on Windows 11 security to address evolving cyberthreats In addition to its Copilot+ secure-cored PC, the company announced enterprise security enhancements, admin privilege changes, and the deprecation of legacy authentication protocols. By Lynn Greiner May 23, 2024 7 mins Windows Security news LockBit no longer world’s No. 1 ransomware gang After dominating for eight months, LockBit has been overtaken by ransomware gang Play in the wake of a law enforcement crackdown and unmasking of LockBit’s alleged creator. By Viktor Eriksson May 23, 2024 2 mins Ransomware Cybercrime PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe