Friday, December 19, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
T-Mobile to Pay $90 Million To Settle Case With FCC
New Trojan Targetted Banks Wordlwide
FBI Confirms North Korea Was Behind Sony Hack
Apple Responds To BBC's Allegations Over Working Conditions In Chinese Factory
BlackBerry Returns To Cash Flow
Comparison: Quantum Dot Vs. OLED Displays
Toshiba and SK Hynix Reach Settlement in Lawsuit Ahead Of CES
Google Concerned About MPAA's Actions To Revive SOPA
Active Discussions
Digital Audio Extraction and Plextools
Will there be any trade in scheme for the coming PSP Go?
Hello, Glad to be Aboard!!!
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
 Home > News > General Computing > XP SP2 ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, September 16, 2004
XP SP2 Escapes Critical Windows Security Flaw


Just visiting a website could be enough to give you a virus.

Microsoft has published a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable.

The critical flaw has to do with how Microsoft's operating systems and other software process the widely used JPEG image format and could let attackers create an image file that would run a malicious program on a victim's computer as soon as the file is viewed. Because the software giant's Internet Explorer browser is vulnerable, Windows users could fall prey to an attack just by visiting a website that has affected images.

The severity of the flaw had some security experts worried that a virus that exploits the issue may be on the way.

"The potential is very high for an attack," said Craig Schmugar, virus research manager for security software company McAfee. "But that said, we haven't seen any proof-of-concept code yet." Such code illustrates how to abuse flaws and generally appears soon after a software maker publishes a patch for one of its products.

The flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. The software giant has a full list of affected applications in the advisory on its website. Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

"The challenge is that [the flawed function] ships with a variety of products," said Stephen Toulouse, security program manager for Microsoft's incident response centre.

Because so many applications are affected, Microsoft had to create a separate tool to help customers update their computers. Users of Windows Update will also be directed to the software giant's Office Update tool and then to the tool that will find and update imaging and development applications. The tools are a preview of what may come from the company in the future, Toulouse said.

"We know one of the most important things that we hear from customers is to make the software update process easier," he said. "A goal of a unified update mechanism is what we are looking at."

Out of necessity, Linux distributions have already developed such unified update software, which not only updates the core operating system but also other applications created by the open-source community. The majority of Windows applications, however, are created by companies other than Microsoft, making such a unified update system more politically difficult to create.

The JPEG processing flaw enables a program hidden in an image file to execute on a victim's system. The flaw is unrelated to another image vulnerability found in early August. That vulnerability, in a common code library designed to support the Portable Network Graphics, or PNG, format, affected applications running on Linux, Windows and Apple's Mac OS X. Both the JPEG, which stands for Joint Photographic Experts Group, and PNG formats are commonly used by websites.

As part of a notification program that has been in place since April 2004, any customer that had signed a nondisclosure agreement with Microsoft received a three-day advance warning about the JPEG flaw.

"Some customers wanted to get more information, for planning purposes," Toulouse said, responding to media reports that premium customers were getting advanced notice of security issues. He directed interested customers to their Microsoft sales representative to get more information on the program. The information given to participants in the program is limited to the number of flaws, the applications affected and the maximum threat level assigned to the flaws.

The JPEG image-processing vulnerability is the latest flaw from Microsoft and the source of the company's 28th advisory this year. Microsoft frequently includes multiple issues in a single advisory; four advisories in April, for example, contained more than 20 vulnerabilities.

A second patch released by Microsoft fixes a flaw in the WordPerfect file converter in Microsoft Office, Publisher, Word and Works. That flaw is rated "important," Microsoft's second-highest threat level, just below "critical." The vulnerability would let an attacker take control of the victim's PC, if that user opened a malicious WordPerfect document.

More information on the second flaw can be found in the advisory on Microsoft's website. The software giant recommends that customers use Office Update to download the fix.

From Silicon.com



Previous
Next
Brazil 'home to 80 per cent of world's hackers'        All News        Fujifilm to rely on OEM production to compete with Kodak
Brazil 'home to 80 per cent of world's hackers'     General Computing News      DivXNetworks partners with Plextor

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Tech Giants Support Microsoft In Data Fight With U.S.
Cortana Arrives in France, Italy, Germany, and Spain
Microsoft Creates Tools That Unlock the Power of Living Cells
Microsoft Acquires Mobile Email App Provider Acompli
Windows 8.1 Overtakes XP in Terms of Internet Usage
Microsoft Accidentally Anounced Acquisition Of Acompli
Microsoft Offers Massive Music Deals For The Holidays
Microsoft Slashes Prices Of Xbox One, Surface 3 For Black Friday
Samsung Loses Bid Against Microsoft
Microsoft To Offer Digital Services To Real Madrid Soccer Fans
Microsoft Surface Pro 3 Update Fixes Bugs
Microsoft's 3D Soundscape Technology Research Helps Visually Impaired

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .