Many of you already know this if you receive advance notification from Microsoft. For everybody else, see their announcement about an early release of the WMF patch. The patch and details about it are available here. If you have installed any of the earlier patches or workarounds, here is our recommendation for updating:
1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
3. Reboot
4. Uninstall the unofficial patch, by using one of these methods:
a. Add/Remove Programs on single systems. Look for “Windows WMF Metafile Vulnerability HotFix”
b. or at a command prompt:
“C:\\Program Files\\WindowsMetafileFix\\unins000.exe” /SILENT
c. or, if you used msi to install the patch on multiple machines you can uninstall it with this:
msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn
5. Re-register the .dll if you previously unregistered it (use the same command but without the “-u”):
regsvr32 %windir%\\system32\\shimgvw.dll
6. Optionally, reboot one more time just for good measure (not required, but doesn’t hurt)
Sans tested the patch, and it does block the attack just like the unofficial patch does.
