http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
Microsoft has found two new security flaws in its software, including a critical hole that could spread viruses using Jpeg graphics.
Buffer overflow problems when processing the graphics files means Microsoft Windows, Office and developer tools could all be affected, including specific applications such as Internet Explorer, Outlook and Word.
The company has released an urgent security patch to prevent the flaw spreading in the wild, but says to date it has seen no attacks resulting from it.
Mikko Hyppönen, director of antivirus research at F-Secure, told Computing that the flaw is one of the biggest risks he has seen in previous months and advised users to patch immediately.
'All you need to do is access a web site using a vulnerable router or open an email containing a JPEG and you could be compromised,' said Hyppönen.
'But when it does appear it's unlikely to spread in minutes, like the Sasser or Blaster worms, because it involves human interaction,' he says.
'It will fall between network and email worms in terms of severity.'
Microsoft has also issued a patch for its WordPerfect Converter, which is present in certain Microsoft Office programmes.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
