SP2 Users Insulated From JPEG Flaw

by CXOtoday Staff    Sep 15, 2004

Microsoft’s monthly security bulletin has disclosed a ‘critical’ buffer overrun vulnerability in the processing of JPEG image formats. The flaw could allow attackers to remotely execute malicious code, placing affected machines at high risk.

However, Microsoft’s security-focused Windows XP Service Pack 2 (XP SP2) mitigates the risk.

The MS04-028 update resolves the newly discovered, privately reported vulnerability.

If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are the only operating systems that contain the vulnerable component by default. By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and Windows 2000 are not vulnerable. However, the vulnerable component will be installed by any of the programs listed in the affected software section of the bulletin. Microsoft recommends that affected systems be updated immediately.