Be Smart About WMF Remediation

By Cameron Sturdevant  |  Posted 2006-01-03

Opinion: Look to the network perimeter for ways to block malicious files.

One way to remedy Microsoft Corp. Windows' insecure handling of WMF graphics files is to go machine-by-machine and unregister the regsvr32 DLL that is at the root of the problem. However, until an effective patch is released or anti-virus vendors release signature files that catch the growing number of malicious files resulting from this vulnerability, another way for IT managers to handle the problem is by using an IDS or firewall to block WMF files. Keep in mind that malicious WMF files are easily changed to evade perimeter protection systems. However, for those sites that are still using unchanged WMF files, perimeter systems may provide a minimal level of protection.
The reason is simple enough: Filtering malicious content at the edge of the network is more cost-effective than making changes to individual machines (or even using Group Policy to change large numbers of systems).
Further, it seems likely that once a patch is available, it will be easier to apply the patch to systems and then open the network perimeter at the convenience of the organization. Managing in a crisis—and IT managers should first take steps to understand if the WMF vulnerability is indeed a crisis for the organization—means taking steps to create the time for rational decisions.

Editor's Note: This story was updated because new information as of Jan. 4 showed that malicious WMF files can evade many perimeter defenses.
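
Added example, not part of the original article: a perimeter rule keyed only on the .wmf extension or the declared content type misses a metafile delivered under another name, so this Python check classifies a transferred object by its header bytes instead. The MIME labels, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
from typing import Optional

PLACEABLE_KEY = 0x9AC6CDD7   # placeable-metafile magic; on disk: D7 CD C6 9A
WMF_LABELS = {"image/wmf", "image/x-wmf", "application/x-msmetafile"}

def sniff_wmf(data: bytes) -> Optional[str]:
    """Classify by content only: 'placeable', 'standard' or None."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return "placeable"
    if len(data) >= 18:
        # META_HEADER: type, header size (words), version, file size (words),
        # object count, largest record (words), unused
        ftype, hdr_words, version, *_ = struct.unpack_from("<HHHIHIH", data)
        if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
            return "standard"
    return None

def verdict(filename: str, content_type: str, data: bytes) -> str:
    """Perimeter decision for one transferred object."""
    kind = sniff_wmf(data)
    if kind is None:
        return "allow"
    declared = filename.lower().endswith(".wmf") or content_type.lower() in WMF_LABELS
    # Same action either way; the separate label lets the log show mismatches.
    return "block" if declared else "block-disguised"

def _placeable_header() -> bytes:
    """Constructed 22-byte placeable header with a valid XOR checksum."""
    body = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", body):
        checksum ^= word
    return body + struct.pack("<H", checksum)

# Constructed samples (harmless: a header plus an end-of-file record).
STANDARD = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
PLACEABLE = _placeable_header() + STANDARD
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(21)

if __name__ == "__main__":
    for name, ctype, blob in [("chart.wmf", "image/x-wmf", STANDARD),
                              ("photo.jpg", "image/jpeg", STANDARD),
                              ("logo.gif", "image/gif", PLACEABLE),
                              ("photo.jpg", "image/jpeg", JPEG)]:
        print(f"{name:10} {ctype:12} -> {verdict(name, ctype, blob)}")
```

Header matching only identifies the format; it does not judge whether a given metafile is malicious, which fits the block-at-the-perimeter stance the article describes for the period before a patch is applied.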

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
