Scanner Tool Released To Thwart JPEG Attack

March 8, 2008 – 3:39 PM

With security experts predicting a large-scale worm attack is only a matter of days away, Microsoft has released a scanning tool to help users identify vulnerable versions of the GDI libraries that handle JPEG processing.

The Microsoft GDI+ Detection Tool (available for download here) helps detect the presence of non-Windows Microsoft products that contain the GDI+ component and determines whether a security fix should be applied.

The scanning tool was released along with the MS04-028 patch, which plugs a “critical” flaw in the way JPEG image files are processed.

The Internet Storm Center (ISC) has also issued a scanner (download here) for non-Windows users.

“Several non-Microsoft programs include versions of GDI libraries, which are vulnerable to exploitation. Using this tool, you can identify programs which may be vulnerable, and attempt to obtain updates from the software developer,” the center said.
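The kind of inventory the ISC describes can be sketched as follows. This is an added example, not the Microsoft or ISC tool: it assumes the GDI+ component ships as `gdiplus.dll`, reads the file version heuristically from the first `VS_FIXEDFILEINFO` signature it finds, and takes the minimum fixed version from the caller (the value in the demo is a placeholder, not the real patched build).

```python
import os
import struct
import tempfile

SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature
TARGET = "gdiplus.dll"                      # assumed file name of the GDI+ component

def file_version(path):
    """Return (major, minor, build, revision) from the version resource, or None."""
    with open(path, "rb") as fh:
        data = fh.read()
    pos = data.find(SIGNATURE)              # heuristic: first signature match
    if pos < 0 or pos + 16 > len(data):
        return None                         # no version resource, or truncated file
    ms, ls = struct.unpack_from("<II", data, pos + 8)  # dwFileVersionMS / LS
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def inventory(root, min_fixed):
    """Walk root and classify every bundled copy of the library."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET:
                continue
            path = os.path.join(dirpath, name)
            ver = file_version(path)
            if ver is None:
                status = "unknown"          # no readable version: check by hand
            else:
                status = "needs-update" if ver < min_fixed else "ok"
            results.append((path, ver, status))
    return sorted(results)

def demo():
    """Constructed sample: two fake application folders with different builds."""
    def fake_dll(ver):
        ms, ls = (ver[0] << 16) | ver[1], (ver[2] << 16) | ver[3]
        return b"MZ" + b"\0" * 64 + SIGNATURE + struct.pack("<III", 0x10000, ms, ls)
    root = tempfile.mkdtemp()
    for app, ver in (("AppA", (1, 0, 0, 5)), ("AppB", (2, 0, 0, 0))):
        os.makedirs(os.path.join(root, app))
        with open(os.path.join(root, app, "GdiPlus.dll"), "wb") as fh:
            fh.write(fake_dll(ver))
    # (2, 0, 0, 0) is a placeholder threshold; take the real one from the vendor bulletin.
    return [(os.path.basename(os.path.dirname(p)), v, s)
            for p, v, s in inventory(root, (2, 0, 0, 0))]

if __name__ == "__main__":
    print(demo())
```

Copies reported as `needs-update` or `unknown` are the ones to raise with the software developer, as the ISC advises.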

The ISC said it is continuing to detect several exploits taking advantage of the JPEG GDI vulnerability and warned that a “rapid development of additional exploits” could be expected over the next few days.

The proof-of-concept exploits started circulating a mere eight days after Microsoft released a patch, confirming fears that malicious hackers are constantly reducing the time it takes to exploit known security holes.

Microsoft said it was aware of the circulating exploit code and was investigating the situation. A representative reiterated that customers should apply the MS04-028 patch as a matter of priority.

The exploit code detected by the ISC is capable of opening a command prompt on vulnerable machines, meaning that malicious hackers can potentially hijack an unpatched system and use it as a drone machine for a large-scale attack.

“If we are seeing exploits opening command prompts, something worse is on its way,” the center warned.

Anti-virus firm Trend Micro rates the risk as “high” and warned that a successful attack could allow a hacker to install or run programs and view or edit data with full privileges.

Microsoft Outlook and Outlook Express users, particularly in enterprise settings, are urged to use plain text for reading e-mail messages that could contain a malformed JPEG image.
