In This Site
At Last, We have a Patch
January 6, 2006, Microsoft officially released a
patch to fix the WMF Exploit vulnerability that
we addressed the day prior. Customers should
deploy this patch immediately.
We have had reports of computer slowdowns for
no reason in addition to Blue Screens being
reported with issues related to network files.
We are not sure that these are related directly
to the vulnerability, but have seen improvements
in system performance once the patch was
We recommend that customers take the
following steps to install the Microsoft patch.
This installation includes steps to uninstall
the leaked Microsoft patch if that is installed,
and the Guifanov patch if that is installed.
Included, too, is the step to re-register the
shimgvm.dll file if you unregistered that file.
Thanks to Brian Livingston for providing these
Step 1. Reboot your PC. This will remove
any infected images that may remain in your PC's
in the Workarounds portion of the Vulnerability
Details section. To re-register the file, run
the same command but leave out the -u and
the space after it.
Step 2. Uninstall the leaked MS06-001 patch,
if you installed it. The leaked patch is
detected by Windows Update and may interfere
with installing the official patch.
Step 3. Run Microsoft Update (or sync your
SUS or WSUS server to get the update).
Install MS06-001 and any other critical patches
you may need. If you haven't yet upgraded from
Windows Update (WU) to the newer Microsoft
Update (MU), you may use WU. But I recommend
that you upgrade to MU when WU suggests you do
so. MU updates Microsoft Office and other apps
as well as Windows.
Step 4. Re-register Shimgvw.dll, if you
deregistered it. Complete information on
deregistering this file is contained in
Microsoft security bulletin
Step 5. Uninstall the unofficial Guilfanov
patch, if you installed it. The developer
himself and several other experts have confirmed
that his patch does not need to be removed
before installing Microsoft's official patch,
which rewrites files on disk. After installing
MS06-001, there is no need for the Guilfanov
patch. It fixes the DLL in memory, which is no
longer necessary, and his patch should be
Printing problems were reported with some older
Windows programs; these issues appear to be
related to the DLL file being deregistered. The
problems will probably by cured (but not
necessarily) by installing MS06-001 and
re-registering the DLL, as explained by the
08 January 2006
In This Section
What's New in
Guidance on XP SP3
VOIP now available