How to protect against Windows WMF attacks

With Microsoft promising a security update "upon completion of [an] investigation" of the WMF security flaw, there's currently no vendor-sanctioned fix for the Windows Metafile vulnerability.

However, there are ways to protect your system and network from potential attack.

"If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems," according to Microsoft. If not, there are several other defense strategies, including:

-- Un-register the Windows shimgvw.dll file. The command "regsvr32 -u %windir%system32shimgvw.dll" (without the quotation marks) at the command-line prompt should do this on an individual system. "This workaround is better than just trying to filter files with a WMF extension," according to security firm F-Secure, since some malicious WM files are being disguised with other file extensions.

-- Ilfak Guilfanov, "the main author of Interactive Disassembler Pro and...arguably one of the best low-level Windows experts in the world," F-Secure says, has posted a temporary fix at Security firm iDefense Inc. says it tested the patch and verified that it's effective and doesn't seem to include malicious code, but notes that the patch "is still from an independent source, and not the actual vendor, and should be treated as such." SANS also says it has "reverse engineered, reviewed and vetted" the fix. Guilfanov recommends uninstalling his workaround once Microsoft issues an official fix.

-- "Configure Internet Explorer to a HIGH security level," iDefense suggests in a listing of several protection strategies.