07 October 2004

New JPEG Trojan/Worm via Fred Langa 

GDI+ Security Flaw

This is an example of a totally avoidable problem: Already, some users' systems are being compromised by a trojan/worm--- and some security experts are claiming that this will be the "next big worm" we'll have to face--- even though a fix was available before any instances of the worm/trojan appeared in the wild. No one's system need be vulnerable to this worm, but if history is a guide, millions of users will ignore the fix, and we'll all suffer the consequences as system and servers bog down with totally unnecessary worm traffic. Sigh.

A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This issue affects software that supports this image format....

JPEG/JPG is a ubiquitous image format, so this means that essentially *all* version of Windows and all versions of Office can be affected. But the fix is tiny, fast, and free: http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

In fact, if you've been keeping up with your patches, or have allowed your system to patch itself as needed, you probably already have this fix. If so, please make sure your friends and family have their systems patched. Again, this is a wholly- preventable problem, as no instances of this worm appeared on the web until *after* the patch was released. This is a worm that should go nowhere--- but probably will find a ton of unpatched systems to infect.

More info:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution

Comments: Post a Comment

This page is powered by Blogger. Isn't yours?