Techtree News Staff
September 15, 2004

Microsoft, the software giant has issued a patch so that users can view pictures in the JPEG format without the risk of getting their computers infected.

Image files were considered to be the safest file to execute, but Microsoft said that any application that processes JPEGs could be vulnerable, in its Security Bulletin MS04-028.

The security hole is a buffer overflow that allows an attacker to craft a special JPEG file that would take control of the victim's machine.

Microsoft rates the flaw as important for many of its products, but critical for Outlook versions 2002 and 2003, Internet Explorer 6 with Service Pack 1, Windows XP and Windows XP with Service Pack 1, Windows Server 2003, and the .Net Framework 1.0 with Service Pack 2 and .Net Framework 1.1, according to the Security Bulletin.

Because so many applications are affected, Microsoft had to create a separate tool to help customers update their computers. Users of Windows Update will also be directed to the software giant's Office Update tool and then to the tool that will find and update imaging and development applications.

The software maker's tool scans a PC for certain installed products that are known to contain the vulnerable JPEG image processing engine.

The JPEG flaw was reported privately to Microsoft and it was not disclosed prior to the Tuesday release of the warning and patches, the software maker said. There have been no reports of the issue being exploited, Microsoft said.

The company has also issued a patch for its WordPerfect Converter, which is present in certain Microsoft Office programmes. �