Scanner Tool Released To Thwart JPEG Attack

With security experts predicting a large-scale worm attack is only a matter
of days away, Microsoft has released a scanning tool
to help users identify vulnerable versions of the GDI libraries that
handle JPEG processing.

The Microsoft GDI+ Detection Tool (available
for download here
) helps detect the presence of non-Windows
Microsoft products that contain the GDI+ component and determines
whether a security fix should be applied.

The scanning tool was released along with the MS04-028 patch,
which plugs a “critical” flaw in the way JPEG image files are
processed.

The Internet Storm Center (ISC) has also issued a scanner (download here) for
non-Windows users.

“Several non-Microsoft programs include versions of
GDI libraries, which are vulnerable to exploitation. Using this tool, you
can identify programs which may be vulnerable, and attempt to obtain
updates from the software developer,” the center said.

The ISC said it is continuing to detect several exploits taking
advantage of the JPEG GDI vulnerability and warned that a “rapid
development of additional exploits” could be expected over the next few
days.

The proof-of-concept exploits started circulating a mere eight days
after Microsoft released a patch,
confirming fears that malicious hackers are constantly
reducing the time it takes to exploit known security holes.

Microsoft said it was aware of the circulating exploit code and was
investigating the situation. A representative reiterated that
customers should apply the MS04-028 patch as a matter of priority.

The exploit code detected by the ISC is capable of opening a command
prompt on vulnerable machines, meaning that illegal hackers can
potentially hijack an unpatched system and use it as a drone machine for
a large-scale attack.

“If we are seeing exploits opening command prompts, something worse
is on its way,” the center warned.

Anti-virus firm Trend Micro rates the risk as “high” and warned that
a successful attack could allow a hacker to install or run programs and
view or edit data with full privileges.

Microsoft Outlook and Outlook Express users, particularly in
enterprise settings, are urged to use plain text for reading e-mail
messages that could contain a malformed JPEG image.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web