Update: This is NOT a guaranteed fix. See latest.

Based on preliminary research, we’re finding that systems with software-enforced DEP will get the WMF exploit, but systems with hardware-enforced DEP will not. However, your results may vary, so don’t take this as gospel.

For those of you unfamiliar with DEP, Microsoft explains it well:

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.

DEP is installed by default with Service Pack 2. However, in order to get the full capabilities of DEP, you will need to have a processor that supports these advanced features (this is called hardware-enforced DEP).

For example, the processor in my newer Dell Inspiron Optiplex (bought sometime in the last 12 months) has hardware-enforced DEP and I don’t get the exploit (I test in VMware). Instead, I get this message:

[Screenshot: DEP message]

However, my Dell home system (purchased last winter) does not have hardware-enforced DEP and I get the exploit on it.

Here’s how to see if you have hardware- or software-enforced DEP:

Right-click on My Computer, choose Properties, then Advanced. Then, under Performance, choose Settings. (Alternatively, go to the Control Panel, and if you’re in Classic View, choose System, then Advanced. If you’re running in Category View, choose Performance and Maintenance, and then System.)

[Screenshot: Performance settings]

You’ll see a tab for Data Execution Prevention. 

If your processor supports DEP, you’ll see something like the following. Update: You’ll want to choose the option “Turn on DEP for all programs and services except those I select”, just to be sure.

[Screenshot: DEP tab with hardware-enforced DEP]

If your processor doesn’t support DEP (in other words, it’s software-enforced), you’ll see something like this:

[Screenshot: DEP settings tab]
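The same check can be scripted instead of read off the System Properties dialog. The following PowerShell is an added example, not part of the original post; it reads the documented DEP properties of the WMI class Win32_OperatingSystem and assumes a host with PowerShell installed.

```powershell
# Added example (not from the original post): read DEP status from WMI.
# Get-CimInstance needs PowerShell 3.0+; older hosts fall back to Get-WmiObject.
$os = if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
    Get-CimInstance -ClassName Win32_OperatingSystem
} else {
    Get-WmiObject -Class Win32_OperatingSystem
}

# DataExecutionPrevention_SupportPolicy values for Win32_OperatingSystem.
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for all processes)'
    1 = 'AlwaysOn (DEP enabled for all processes, no exceptions)'
    2 = 'OptIn (essential Windows programs and services only)'
    3 = 'OptOut (all programs and services except those selected)'
}

# True when the processor supports hardware-enforced DEP.
$hardwareDep = [bool]$os.DataExecutionPrevention_Available
$policy      = [int]$os.DataExecutionPrevention_SupportPolicy

$report = New-Object PSObject -Property @{
    HardwareDepAvailable = $hardwareDep
    Policy               = $policyNames[$policy]
    DepFor32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
    DepForDrivers        = [bool]$os.DataExecutionPrevention_Drivers
}
$report | Format-List

# Compare against the setting the post recommends (OptOut) or the stricter AlwaysOn.
if (-not $hardwareDep) {
    Write-Warning 'Hardware-enforced DEP is not available on this system.'
} elseif ($policy -ne 1 -and $policy -ne 3) {
    Write-Warning 'Hardware DEP is available, but the policy does not cover all programs and services.'
} else {
    Write-Output 'Hardware-enforced DEP is available and applied to all programs and services.'
}
```

The OptOut policy value corresponds to the “Turn on DEP for all programs and services except those I select” option in the dialog.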

 

Alex Eckelberry

IMPORTANT UPDATE: This is absolutely not a foolproof solution, but it’s free and it’s not hard to implement. See my latest blog on this subject.