Security experts have posted a proof of concept exploit for the recently revealed Microsoft JPEG flaw, which hackers can use as a template for creating electronic attacks. For this reason, I recommend that users of Microsoft software download and install the patch that Microsoft released last week.
"A \[proof of concept\] for the Windows XP JPEG \[flaw\] has been published," says a posting to the Full-Disclosure discussion list. "Because of the potential impact, it is anticipated that this exploit will be widely used by worms and other malware within a short period of time." The flaw affects a range of Microsoft software, including Windows XP (but not Service Pack 2--SP2) and various Microsoft Office products.
Microsoft announced the JPEG flaw last week, describing it as a critical flaw that hackers can use to trigger remote code executions on compromised machines. The JPEG flaw is particularly dangerous because JPEG is one of the primary graphics formats used on the Web. Simply visiting a Web page could cause a correctly formatted JPEG image to compromise your computer, at least theoretically.
Microsoft has published various patches for different Microsoft products to fix this problem. For more information about the Microsoft JPEG flaw and for links to download the patches, visit the Microsoft Web site.