JPeG Virus or Worm still expected, please patch ASAP!
I want to get people to patch before it's too late.
Couple of notices on this vulnerability:
- Filtering files with .JPG extension won't protect you much. Bad JPGs can be renamed to .BMP and they still work fine.
- Definitely try to update Word, Excel and other Office tools .. therefore you need to visit officeupdate.microsoft.com , these are the most important programs to update.
- A lot of anti-virus scanners has released generic updates already, however I don't have any idea what the real impact will be if a real attack will be launched.
- However, exploiting Internet Explorer with this vulnerability seems to be particularily hard. Exploiting Windows XP's EXPLORER.EXE while viewing local JPG files is much easier and several toolkits to create JPGs like this exist. This reduces the likelyhood of appereance of a massmailer worm using this vulnerability.
- At least try to update your anti-virus scanner ASAP as this will be the first protection for most of the home users and corporates.
<< Home