Several firms, Microsoft included, told users to disable the Windows Picture and Fax Viewer, the application that Internet Explorer automatically launches to display WMF image files.
Microsoft's advisory instructed users to click the Start menu, choose Run, then enter "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quote marks), and click OK.
Doing so, however, breaks the viewer so that it won't display other associated image file formats, such as those with the .jpg extension, a popular format used by most digital cameras.
And it might not solve the problem. "Any application which automatically displays or renders WMF files is vulnerable," wrote Chris Carboni, an analyst with the Internet Storm Center, in a blog entry Thursday.
Another tactic, said some security vendors, is to block all WMF image files at the network perimeter. Symantec, for instance, listed that advice in its latest bulletin about the vulnerability. Unfortunately, hackers can simply rename a malicious WMF file with a different extension -- .gif or .jpg, for example -- to pass through an exploit. Windows parses WMF files based not on the extension it reads, but on the content of the file, making such blocking strategies ineffective.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.