The flaw in the processing of (yet another) graphics file – the wmf file is actively being exploited to load spyware and other nasties. At the moment there is no patch available and the workaround on the above site is to disable the Windows Picture and Fax Viewer engine by doing the following.
(I wish the unregistration was silent as I could then deploy it in a login script) By adding a /s before the %windir% it becomes silent so I *can* deploy. I’ll make a check to see it has already been deployed and then unregister it if it hasn’t)
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
To un-register Shimgvw.dll, follow these steps:
1.Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2.A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).