Public Exploit For Windows JPEG Bug
Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.
It was no surprise, we saw it coming only now it is in the wild and again, our corporate infrastructure has to worry about stuff we didn't hire them to worry about. All of this is going to end up figuring in the total cost of operation of any windows based infrastructure. We simply can no longer deny it and the time is coming when people will have to make hard choices. Me, I am a (home) linux user since years so I fear not change. My colleagues and coworkers however see things differently and now, in this day and age of worms, viri, malware and Jpeg of death, their fears grow..
-if at first you don't succeed, stay the heck away from paragliding.
I said that this was dumb ownership, not dumb usership. There's a difference, you know?
A NYC lawyer blogs. http://www.chuangblog.com/
The patch for this one is already out. ... and is available :)
OK mods, now give me a +5 Informative for my hard work!
I'm a minister!
I heard it opens a backdoor for attackers.
do not read this line twice.
Too lazy to RTFA, is there anyway this is possibly true now or a rehash of the April Fool's joke?
To me, an image file spreading a virus makes about as much sense as a football bat.
But with IE, its hard to tell what's the truth and what's BS anymore.
--
What would Bill Clinton do?
A lot of posts around here are running around acting as if each individual Microsoft program has a problem specific to that program which is entirely false. Just like with the libPNG exploit, this exploits a graphics library: GDI+. It's the library's fault why this affects so many programs: they used the library in all of them.