Graphics used to be safe, until Microsoft got their hands on them. JPEG images are processed by Windows using a program called GDI+ (Graphics Device Interface). Bottom line: Microsoft left a hole in it through which a user's computer could be attacked. The hole would allow a JPEG image file to run a malicious program on a victim's computer as soon as the file is viewed.
The Internet Explorer browser is vulnerable, so Windows users could fall prey to an attack just by visiting a Web site that has affected images. No known exploit has been discovered yet, according to McAfee, but the potential for it is very high.
Windows XP Service Pack 2 is not vulnerable to this exploit, but many users have resisted its installation due to perceived problems (and YES there are problems, even though I didn't encounter any during my upgrade). Over a dozen Microsoft applications are affected, including Microsoft's .NET framework. It's critical that you either switch to Linux or go to Microsoft's JPEG Processing (GDI+) Security Update page, perform a check for updates, and run their tool that checks for programs known to be vulnerable. So far, I've been lucky. I've applied every update (been doing this continuously since I started using XP) and have never encountered a problem. I have had a client's computer get totally zapped during an XP SP2 update, but that I understand is a rare occurrence. If you've not been keeping up with the updates, you may be in for a surprise and SOON! It only takes a few days for those very smart and evil virus writers to create a program to exploit Microsoft weaknesses.
In all fairness to Microsoft, they're not the only ones who've created problems with graphic files. On Aug 5th, CNet reported on a flaw with the PNG graphic format exposed by a software library used by the Mozilla and Opera browsers and various email clients. Among the programs that use this library and are likely to be affected by the flaws are the Mail application on Apple Computer's Mac OS X, the Opera and Internet Explorer browsers on Windows, and the Mozilla and Netscape browsers on Solaris. The Mozilla Foundation released patches the day after the flaw was discovered, whereas Microsoft just started studying the issue. I've not discovered if Microsoft has done anything with it. Just goes to show how flexible the open source community is.