Ilfak Guilfanov, who has brilliantly come up with the ONLY legitimate patch for the WMF exploit, has a new tool to check that the patch is working.


Link to his vulnerability checker here. Link to the actual WMF exploit patch here.

I recommend applying his hotfix.  At this point, it is the only broadly effective deterrent to the WMF exploit. 

As Tom Liston at SANS says:

To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn’t asked for your trust: we’ve earned it.  Now we’re going to expend some of that hard-earned trust:

This is a bad situation that will only get worse.  The very best response that our collective wisdom can create is contained in this advice – unregister shimgvw.dll and use the unofficial patch.  You need to trust us

However, the unofficial patch does not support Windows 98 and ME. For those systems, I would unregister shimgvw.dll (still not a perfect fix) as explained here and keep your AV signatures updated. You can apply all my other ideas optionally, but those two things are the core things to do.

 

Alex Eckelberry