You've probably noticed that in the recent past just about every time Microsoft releases new security patches within about 48 hours somebody releases working "proof of concept" code. Very soon thereafter somebody twists the code to serve as an attack mechanism against the unsuspecting public at large. True to that image, at least two code examples that exploit the recently announced JPEG GDI+ vulnerability were released to various security mailing lists, the most recent of which was released last week.
If you haven't patched your systems (MS04-028) then consider doing so as soon as you can. If you aren't sure if your systems are affected then use the DIR command to look for copies of the GDIPLUS.DLL (dir c:\gdiplus.dll /s) and if you find any then your system might be vulnerable.
Oh, and if Microsoft releases new security bulletins in October then expect that on or about October 15 more exploit code might be released to the public, just in time for Halloween and cyberspace tricksters...
