September 22, 2004 4:17 PM PDT

Code to exploit Windows graphics flaw now public

Related Stories

Major graphics flaw threatens Windows PCs

September 14, 2004

Worm warning intensifies

April 30, 2004

Windows worm starts its spread

August 11, 2003
A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software.

Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.

"Within days, you'll likely see (attacks) using this code as a basis," said Vincent Weafer, senior director of security response for antivirus-software company Symantec. "This is dangerous in a sense that everyone processes JPEG files to some degree."

The program is the latest example of "exploit code," a sample that shows others how to create attack programs that can take advantage of a particular flaw. Such code preceded the Sasser worm by two days and the MSBlast worm by nine days.

The critical flaw the program exploits has to do with how Microsoft's operating systems and other software process the widely used JPEG image format. Because the software giant's Internet Explorer browser is vulnerable, Windows users could fall prey to an attack just by visiting a Web site that has JPEG images.

The flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. The software giant has a full list of the applications in the advisory on its Web site. Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

Users can download the patches from Microsoft's Windows Update and Office Update servers. In addition, the software giant has made available online programs that scan for vulnerable software and patch it.

Symantec and other antivirus companies have released updates for their software to detect graphics being used in attempts to exploit the flaw.

5 comments

Join the conversation!
Add your comment
To The Point
To save time for all, this is clearly another reason for Windows users to get rid of ther current OS and replace it with Max OS X / Linux / RISC OS / Workbench. Surely it must be Microsofts fault, as always. Just like it was Concordes fault that the runway had a sharp piece of metal on it. It is never the fault of others.

Andrew J Glina
Posted by Andrew J Glina (1673 comments )
Reply Link Flag
The operative word is...
INCOMING!!!!!

Give it two days, tops, before the next worm comes out.

Within a month, you'll see compromised servers dishing up JPG viruses!
Posted by Tex Murphy PI (165 comments )
Reply Link Flag
Be safe, stay away from Microsoft
As with nearly every Internet virus / worm / other attacks, the single most effective thing you can do to protect yourself is to never use Microsoft software. Even while most of you still have to stick it out with the Windows platform, for every Microsoft application such as Office there are better and safer to use alternatives. Try Open Office at openoffice.org to replace MS Office. Only MS Office has macro virus problems, and now the picture problem.
Posted by InsertBulletsHere (38 comments )
Reply Link Flag
Security Vulnerability in Linux Qt Toolkit Fixed
<a class="jive-link-external" href="http://linuxinsider.com/story/36069.html" target="_newWindow">http://linuxinsider.com/story/36069.html</a>

But lets ignore that link because it would show that Linux isnt perfect either. Even though its far more perfect then Windows in some ways.
Posted by Jonathan (832 comments )
Link Flag
Oh and as for Office
The latest versions of Office (XP and 2003) set macro security settings to high by default. (And this can be done in Office 2000 and I think '97 as well.) So again it becomes a moot point. Try again.
Posted by Jonathan (832 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.