September 24, 2004 — (WEB HOST INDUSTRY REVIEW) — According to a report by Internet research and reporting firm Netcraft (netcraft.com), exploits continue to emerge for the JPEG vulnerability identified in Microsoft software last week, prompting the security community to prepare for a virus or worm attack based on the vulnerability.
r
r
The security flaw enables an attacker to gain control of a computer by inserting code into a JPEG image. The first exploit code was published last week, and more sophisticated code has followed quickly.
r
r
According to Netcraft, an exploit published Thursday morning on the Full Disclosure mailing list is apparently able to create an administrator-level account on a Windows machine. Another exploit would allow code to be executed on the remote machine.
r
r
Security firms are working to stay on top of the exploits, and Symantec, Trend Micro, Kaspersky and McAfee products are reportedly already able to detect the malicious jpegs. Microsoft issued a patch for the flaw on September 14, when it first revealed the flaw.
