ARCHIVED: In Windows XP, why are my picture files not opening when I double-click them, and how can I view them?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Update

On January 5, Microsoft released a Critical Update for the issue discussed below. You can obtain the update by visiting the Windows Update site, using Internet Explorer, at one of the following URLs: 

  http://update.microsoft.com

  http://windowsupdate.microsoft.com

The update is also available locally through IUware Online at: 

  http://iuware.iu.edu/title.aspx?id=508

If you've configured Windows Automatic Updates, then your computer should be downloading it according to the schedule you specified, unless you choose to obtain and apply it early. However, you will still not be able to view pictures as you normally do until ITSO and UITS reverse the security precaution.

Windows vulnerability

Normally, in Windows XP, when you double-click an image file, the Picture and Fax Viewer launches to display the image. Now, however, when you do this, nothing happens: the Picture and Fax Viewer doesn't launch, and neither does any other program; you do not get any error messages; you are not prompted to tell Windows which program you want to use to view the image. This also affects thumbnail viewing.

This behavior is not an error. Rather, it is a temporary effect of a necessary security precaution, taken in response to a severe vulnerability in Windows. The IU IT Security Office (ITSO) has created a policy in response to this vulnerability; you can read the IT Security Office's bulletin on the problem at:

  https://itso.iu.edu/bulletins/ITSO.2005.12.29.wmf

For more information on the problem, you can also read the following links from Microsoft and the Carnegie Mellon Software Institute's Computer Security response team (CERT) at:

  http://www.microsoft.com/technet/security/advisory/912840.mspx

  http://www.kb.cert.org/vuls/id/181038

In summary, Windows has a flaw with how it handles a certain type of file called a "Windows Metafile", which is an image file with a .wmf extension. Malicious programmers, or hackers, can build special .wmf image files that can compromise a computer, just like a virus can. They will then attempt to have an unsuspecting user launch the malicious .wmf file, either by sending the user to a web site that contains the image file, by emailing it to the user, or by tricking the user into saving the file and manually launching it.

Picture and Fax Viewer is the program that normally launches to view such files. Therefore, pending a patch from Microsoft, the ITSO has pushed a policy through the IU network that prevents Picture and Fax Viewer from automatically launching when trying to view an image file, whether from double-clicking the file or from any other method of opening it. That happens with any image file, including:

  • JPEGs (files with extensions reading .jpg, .jpeg, .jpe, etc.)
  • GIFs (.gif)
  • TIFFs (.tif, .tiff)
  • Windows bitmapped files (.bmp)
  • Windows Metafile (.wmf)

This list is not exhaustive; any image file that by default used to open in Picture and Fax viewer will no longer do so.

The policy affects only Windows XP Professional computers joined to the IU Active Directory. Computers not joined, even if they are on the IU network, will not be affected by this network policy; that includes Macintosh, Windows operating systems prior to XP, Windows XP Home (users of which cannot join a domain), Linux, etc. Only Windows XP Professional computers are affected, and only if they are joined to the Indiana University Active Directory. No other computers are affected by this policy.

Note: All that has been disabled is the automatic launching of the Picture and Fax Viewer program when an attempt is made to view an image. Your pictures are still viewable. The idea behind disabling the automatic launching of Picture and Fax Viewer is to give YOU the opportunity to avoid opening a maliciously constructed file. You are given the option to view only those image files that you know are clean and that come from a trusted source. With this policy, UITS is not preventing compromises from happening. UITS is simply preventing such compromises from happening automatically. If you go out of your way to manually open a bad file, your computer will still be compromised.

While the policy is in effect, you can do the following:

  • Wait until after the temporary policy is lifted. At that time, normal behavior will be restored.
  • Use a different image viewer. If you have installed Microsoft Office, the Microsoft Photo Editor is available, and Microsoft Paint is available on any Windows computer. To launch Microsoft Paint manually, from the Start menu, select Accessories, and then Paint; then, to open the image within Microsoft Paint, from the File menu, select Open.

    Note: While Paint can handle many image file types, it cannot handle all of them.

  • Install a third-party image editor or viewer. Adobe Photoshop is one example; the freeware program Gimp is another. But be careful about doing this: Those programs tend to take over file type associations and allow you to open by double-clicking an image. As said above, the idea behind the network policy is to give you the opportunity to avoid opening a maliciously constructed file. You should still practice going through File menu, then Open, just to give yourself that opportunity to stop and think about whether you trust the image file you're opening or not. You don't give yourself that opportunity with a quick double-click; the damage is done by the time you realize you shouldn't be opening the image.
  • Drag and drop the image onto a web-browser icon on your desktop, or the icon of any other program capable of displaying the image. Again, though, the above caveat regarding trustworthy image files applies.

Be careful about doing any of these steps. If you choose to do any of them with a maliciously constructed file, your computer will still be compromised, the only difference being that you will have gone out of your way to allow it. You should still be careful about what files you choose to open using these steps. Those image files should come from trustworthy sources, and you should do your best to confirm the safety of the files (such as determining whether the files were originally created by your trustworthy source. For example, unless your source happens to be a known hacker or malicious programmer, the file you get is almost certainly safe if that person is indeed trustworthy and personally took, scanned, or created the image file).

This is document ateb in the Knowledge Base.
Last modified on 2018-01-18 14:54:12.