Microsoft JPEG exploit might result into a worm soon

This flaw has been in news for sometime and Microsoft has already released the required patches and updates. But the vast number of machines running Windows platform and the other affected applications means that securing of all the machines would require no less than a miracle. The flaw resides in the way Microsoft software processes JPEG files and empowers the image file to run malicious program over user’s machine. The user just has to load the image in the infected programs to trigger the code!

The signs of this exploitation are already appearing in the wild. The first implementation of this exploit has been posted on several newsgroups. But this first instances does not have means to spread by itself, thus it has not termed a worm or a virus. Computer security experts believe that this is just the beginning of something, which could result in something much bigger.

Unfortunately, there is already a tool (codenamed JPEG of Death creation kit) released by a group of hackers, which can be upgraded to generate instances of these exploiting images. Some of the softwares that are affected by this bug are Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. Fortunately, Windows XP SP2 contained the patch for the operating system. However, users still have to get the patches for the other applications installed on their system. The patch is available on the Microsoft Website here.

Popularity: 2%