Bethel University
Microsoft Jpeg Vulnerability Security Alert
In mid September
Microsoft announced the release of a patch to fix a critical security
flaw that would allow malicious code embedded within a jpeg image
file to potentially be used to take over a computer. With the
jpeg processing flaw, a vulnerable computer could potentially
be infected just by visiting a website or inserting an image in
Word with an infected jpeg image. This is a dramatic change in
how viruses infections are viewed. Previously, most infections
required a user to open an email attachment to launch the virus
The vulnerability
is found in multiple Microsoft products. Any Microsoft product
that handles jpeg files are vulnerable. The most commom products
infected are Windows XP, Internet Explorer 6, Office, and Visio.
Not only do users need to update Windows XP, but the other vulerable
products as well. Microsoft has a detection tool to find out which
which Microsoft products needs to be updated as part of the Window
update.
ITS recommends
that those with personal home computers visit Microsoft's site
to learn more and then install the updates. Microsoft
has provided a webpage page with a complete list of vulnerable
products and steps to take to install the updates at:
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx