Major graphics flaw threatens Windows PCs

[LostInSpace]

Microsoft published on Tuesday a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable.

The critical flaw has to do with how Microsoft's operating systems and other software process the widely used JPEG image format and could let attackers create an image file that would run a malicious program on a victim's computer as soon as the file is viewed. Because the software giant's Internet Explorer browser is vulnerable, Windows users could fall prey to an attack just by visiting a Web site that has affected images.

[Guest]

Thanks LIS, I didn't know about this, but after using thier little tool, it turns out that I don't have any graphics programs that can be used for this. I killed the microsoft Image program as soon as I built this machine. LOL

[LostInSpace]

quote:

---

Originally posted by Jaguar:

Thanks LIS, I didn't know about this, but after using thier little tool, it turns out that I don't have any graphics programs that can be used for this. I killed the microsoft Image program as soon as I built this machine. LOL

---

. I downloaded the update just to be on the safe side myself.

[LostInSpace]

Update on the Jpeg exploit: Antivirus software could be ill-prepared to protect corporate networks from the latest Windows vulnerability--innocent-looking JPEG files that contain security attacks.

According to Mikko Hypponen, director of antivirus research for F-Secure, antivirus software will strain to find JPEG malware, because by default, it only searches for .exe files.

"Normal antivirus software, by default, will not detect JPEGs," Hypponen said. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.

"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway, but this will put a huge load on your bandwidth."