ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Windows JPEG exploit goes public

Published: 23 Sep 2004 08:45 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software.

Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.

"Within days, you'll likely see (attacks) using this code as a basis," said Vincent Weafer, senior director of security response for antivirus-software company Symantec. "This is dangerous in a sense that everyone processes JPEG files to some degree."

The program is the latest example of "exploit code," a sample that shows others how to create attack programs that can take advantage of a particular flaw. Such code preceded the Sasser worm by two days and the MSBlast worm by nine days.

The critical flaw the program exploits has to do with how Microsoft's operating systems and other software process the widely used JPEG image format. Because the software giant's Internet Explorer browser is vulnerable, Windows users could fall prey to an attack just by visiting a Web site that has JPEG images.

The flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. The software giant has a full list of the applications in the advisory on its Web site. Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

Users can download the patches from Microsoft's Windows Update and Office Update servers. In addition, the software giant has made available online programs that scan for vulnerable software and patch it.

Symantec and other antivirus companies have released updates for their software to detect graphics being used in attempts to exploit the flaw.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
58 out of 105 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Senior IT Network Systems Engineer

1st/2nd Line IT Support Engineer/IT Technician - Essex

2nd Line Support Analyst/Engineer

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers