Microsoft warns of JPeg danger

Microsoft has warned users of a critical flaw that could enable a hacker to gain control of their computers by using corrupted...

Microsoft has warned users of a critical flaw that could enable a hacker to gain control of their computers by using corrupted JPeg images held on a website.

In security bulletin MS04-028, Microsoft urged users to update their systems.

Most older Microsoft products, including Windows NT 4.0, Internet Explorer 5.5, Windows Me and Windows 98 are unaffected. However, Windows XP, Windows 2003 and Office 2003 are among 24 products and service packs that contain the flaw.

By default, Windows 98, 98 SE, Me, NT 4.0, 2000, and XP Service Pack 2 are not vulnerable to this exploit. However, the vulnerable component could be installed on these operating systems. Microsoft advised users to install the appropriate security update for those applications.

Richard Brain, technical director at security consultancy Procheckup, said, "For such a widely used format, Microsoft should have done something far sooner." He said JPeg exploits have existed since 1994.

Microsoft said a hacker could not force users to visit a malicious website, but would attempt to persuade them to visit the site, typically by getting them to click a link.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.




  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...