Vulnerability in Server Service Could Allow Remote Code Execution. For more information on this vulnerability, and to download the update, see Microsoft Security Bulletin MS06-040If you have your Windows system set to automatically download critical updates then you should be all set. To double-check you can click Start -> Control Panel -> Add or Remove Programs — then look in the Currently installed programs and updates list for Security Update for Windows XP (KB921883) — it will be pretty near the bottom of the list. If it’s there then you are all set (for this week anyway), if not you should download and install it immediately.

If you are responsible for system security or system support then this patch should be at the very top of your to-do list — or, better yet, scratched off of your to-do list because it is already done.

The next Sober Worm hits tomorrow, patch your system now! Since there is no official patch available from Microsoft we are strongly urging all of our clients to patch their system manually and immediately. Be aware that this patch will prevent you from being able to double-click a picture and viewing it with Windows Picture and Fax Viewer (there is a work-around for this if you have Firefox installed). Here are the instructions:

Click Start -> Run then enter CMD into the dialog box and click OK

At the command prompt type the following exactly and then press ENTER:

regsvr32 -u %windir%\system32\shimgvw.dll

You should then see a dialog box that says “DllUnregisterServer in C:\…\shimgvw.dll succeeded.”

Click OK and your system is patched.

Next Click Start -> Control Panel and then Double-Click Folder Options. Then Click the File Types tab and find GIF, JPE, JPEG and JPG – change the “Opens with:” program for all of these to Firefox.

Now you are done and safe from the impending Sober attack.

Of course you should also make sure that your Antivirus program is installed properly and up-to-date. We strongly recommend a manual virus signature download to be sure that you have the very latest signatures.

Note: Microsoft has finally issued Windows XP Security Update for Windows XP (KB912919) that resolves this issue, Once you have installed this update successfully you can safely reinstate the Windows Picture and Fax Viewer by following the above instructions to open a command prompt window and then type this command:

regsvr32 %windir%\system32\shimgvw.dll

You should then see a dialog box that says “DllRegisterServer in C:\…\shimgvw.dll succeeded.” Click OK and your system is all back to normal.

If you also changed the “Opens with:” follow the same instructions as above but click the “Restore” button for each of the file types.

And P-L-E-A-S-E make sure that your Antivirus program is installed properly and up-to-date.