Windows thumbnail offers a hole to potential hackers

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The vulnerability is caused when the Windows Graphics Rendering Engine improperly parses a specially crafted thumbnail image, resulting in a stack overflow.

According to Microsoft’s Security Advisory 2490606, Windows 7 and Server 2008 R2 are not affected.

Until a patch becomes available, Microsoft has suggested a workaround by modifying the access rights to the shimgvw.dll library in such a way that thumbnails are no longer displayed.

To modify the ACL on shimgvw.dll to be more restrictive, run the following commands from a command prompt as an administrator.

For 32-bit editions of Windows Vista and Windows Server 2008:

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)
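
The commands above save the original ACL but do not show how to confirm the change took effect or how to roll it back once a patch is installed. The batch file below is an added example, not code from this page or from Microsoft's advisory, that wraps the same three commands with a check and an undo step. Assumptions: the file name shimgvw_acl.cmd, the copy-to-NUL read test, and the 32-bit path listed above.

```batch
@echo off
rem Added example, not from the page or the advisory: apply, check or undo
rem the shimgvw.dll ACL workaround (32-bit Vista / Server 2008 path only).
rem Run elevated as: shimgvw_acl.cmd apply   (or check, or undo)
setlocal
set "DLL=%WINDIR%\SYSTEM32\SHIMGVW.DLL"
set "BACKUP=%TEMP%\SHIMGVW_ACL.TXT"
if /i "%~1"=="apply" goto apply
if /i "%~1"=="check" goto check
if /i "%~1"=="undo" goto undo
echo Usage: %~nx0 apply^|check^|undo
exit /b 2

:apply
rem Never overwrite an existing backup: a second run would save the
rem already-restricted ACL and lose the original.
if exist "%BACKUP%" goto backup_exists
takeown /f "%DLL%"
if errorlevel 1 exit /b 1
icacls "%DLL%" /save "%BACKUP%"
if errorlevel 1 exit /b 1
icacls "%DLL%" /deny everyone:(F)
if errorlevel 1 exit /b 1
rem Fall through and confirm the change took effect.
:check
rem Functional test: with the deny ACE in place nobody can read the DLL,
rem so copying it to NUL fails even from an elevated prompt.
copy /b "%DLL%" NUL >NUL 2>&1
if errorlevel 1 goto active
echo Workaround NOT active: "%DLL%" is still readable.
exit /b 1
:active
echo Workaround active: "%DLL%" cannot be read or loaded.
exit /b 0

:undo
if not exist "%BACKUP%" goto no_backup
rem /restore takes the parent directory; the saved file names the DLL.
rem It puts back the saved DACL only; ownership stays as takeown left it.
icacls "%WINDIR%\SYSTEM32" /restore "%BACKUP%"
if errorlevel 1 exit /b 1
del "%BACKUP%"
exit /b 0

:backup_exists
echo "%BACKUP%" already exists; run undo first.
exit /b 1
:no_backup
echo No saved ACL at "%BACKUP%"; nothing to restore.
exit /b 1
```

The check action returns exit code 0 only when the DLL is unreadable, so it can be run across machines to find hosts where the workaround is missing.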

More details can be found at Microsoft Security Advisory 2490606.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP.