Slashdot Mirror


Public Exploit For Windows JPEG Bug

Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.

6 of 509 comments

  1. Just looking at it is dangerous... by DenDave · · Score: -1, Redundant

    It was no surprise; we saw it coming, only now it is in the wild and again, our corporate infrastructure has to worry about stuff we didn't hire them to worry about. All of this is going to end up figuring in the total cost of operation of any Windows-based infrastructure. We simply can no longer deny it and the time is coming when people will have to make hard choices. Me, I have been a (home) Linux user for years so I fear not change. My colleagues and coworkers however see things differently and now, in this day and age of worms, viri, malware and JPEG of death, their fears grow.

    --
    -if at first you don't succeed, stay the heck away from paragliding.
  2. Re:Patch is Already Out by darkmeridian · · Score: -1, Redundant

    This is dumb ownership, if this bug becomes prevalent.

    Sort of like it was dumb ownership to leave your SQL machine open to the Internet, allowing port 1334 open?

    Or it was dumb to open any of the attachments claiming to be from your administrator sending a passworded zipped file with some "clean-up tool" attached?

    We have proven that users aren't the ones responsible enough not to do something dumb. And, SP2 is still undergoing testing in many office environments.


    I said that this was dumb ownership, not dumb usership. There's a difference, you know?
    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  3. Re:Patch is Already Out by Jeffv323 · · Score: 0, Redundant

    The patch for this one is already out. ... and is available :)

    OK mods, now give me a +5 Informative for my hard work!

    --
    I'm a minister!
  4. Re:Knew it by liquidsin · · Score: -1, Redundant

    I heard it opens a backdoor for attackers.

    --
    do not read this line twice.
  5. For the love of God by NineteenSixtyNine · · Score: -1, Redundant

    Too lazy to RTFA, is there any way this is possibly true now or a rehash of the April Fool's joke?
    To me, an image file spreading a virus makes about as much sense as a football bat.
    But with IE, it's hard to tell what's the truth and what's BS anymore.

    --
    What would Bill Clinton do?
  6. The problem is within a graphics library by BinaryOpty · · Score: 0, Redundant

    A lot of posts around here are running around acting as if each individual Microsoft program has a problem specific to that program, which is entirely false. Just like with the libPNG exploit, this exploits a graphics library: GDI+. It's the library's fault why this affects so many programs: they used the library in all of them.