[quote name='Zing']1) MS has not released a patch or update for this exploit
2) Everyone here obviously has internet access and therefore the ability to Google. Why are we doing tech support for such a trivial, non-gaming issue?
3) In Windows Explorer, go to Tools -> Folder Options -> View -> Uncheck "do not cache thumbnails"[/QUOTE]
1) What part of the phrase "there's already a patch but it won't be finalized until jan. 10." was unclear? The patch was initially not going to be released until it was finalized at maximum by Jan. 10. I even pointed out the Microsoft bulletin URL so anyone could read it.
2) Yeah, you could Google it but there's such a thing as being helpful to a fellow CAGer. It's a really easy concept - if no one wanted to help him, no one would answer his question.
3) A better work around:
[quote name='Microsoft']Workarounds for Graphics Rendering Engine Vulnerability - CVE-2005-4560:
Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it will help block known attack vectors.
•
Unregister the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Note This workaround is intended to help protect against Web based exploit vectors and is not effective against exploits that have Windows Metafile images embedded in Word documents and other similar attack vectors.
Note The following steps require Administrative privileges. We recommend that you restart the computer after you apply this workaround. Alternatively, you can log out and log back in after you apply the workaround. However, we do recommend that you restart the computer.
To un-register Shimgvw.dll, follow these steps:
1.
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2.
When a dialog box appears that confirms that the process has been successful, click OK.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer start when users click a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this workaround after the security update has been deployed, reregister Shimgvw.dll. To do this, use this same procedure, but replace the text in step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).[/QUOTE]
4) The patch has been released 5 days early:
http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx
Conclusion: Don't be a dick.