George Ou has posted blog entry where he states that hardware-enforced DEP (Data Execution Prevention) does NOT protect against the WMF Windows MetaFile exploit.  I have tested this and conclude with Alex Eckelberry that it does seem to work but since we have a limited base of machines to test on this might not be the case for everyone.

Things that DO work are:

• Unregistering the shimgvw.dll file
• Use Sunbelt Kerio Firewall and add the Snort rule

The registry fix that is mentioned on the web DOES NOT work!

Bottom line, we need a Microsoft fix!

This entry was posted on Friday, December 30th, 2005 at 15:29 and is filed under PC Doctor's Useful Links, Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.