This is from one of the anti-virus providers I use, an email alert. Quite a bit to read, but worth it if it helps you prevent problems in the days ahead............
Microsoft has recently reported a vulnerability
called Exploit/MS04-028, affecting the process of viewing JPEG files. The
problem affects many of the company's applications including Office XP,
Office 2003 or Windows XP.
When a user opens a JPEG image that has been specially crafted to exploit
the vulnerability, a buffer overflow occurs that could allow malicious
action to be taken on the computer, including downloading and running of
files. For this reason, it was just a matter of time before malicious code
exploiting this flaw appeared.
PandaLabs has now detected the circulation of a kit, called
Constructor/JPGDownloader, for creating JPEG images that exploit
Exploit/MS04-028. This kit lets malicious users specify the web page from
which all kinds of applications could be downloaded simply when the
unsuspecting victim opens the malicious JPEG file.
According to Luis Corrons, head of PandaLabs: "There is no doubt that virus
creators will take advantage of the new vulnerability and will try to launch
all kinds of viruses that exploit it. In particular, given the nature of the
problem, Trojans are a great threat, especially as they can go unnoticed by
users but are frequently used by cyber-crooks for online fraud. The fact
that the files in question are JPEGs is another important factor, as they
are so frequently used in web pages or exchanged via email. The scene is
changing from one where worms used to pass themselves off as images to one
where the image is actually part of the worm".
To avoid viruses that use the Exploit/MS04-028 vulnerability, Panda Software
offers the following advice:
- Find out if your computer is vulnerable and install the patch provided by
Microsoft to correct the problem. To do this, go to:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
- Don't open JPEG files from unreliable sources, no matter how you have
received them (floppy, CD-ROM, email, instant messaging, chats, etc).
- Don't visit dubious web pages such as those dedicated to hacking or
illegal downloads, etc.
In addition, if your system is protected by any Panda Software product, make
sure this protection is up-to-date. The company has made the corresponding
updates available to clients to detect and block the Exploit/MS04-028
vulnerability.
For more information on Exploit/MS04-028, Constructor/JPGDownloader or other
threats, go to Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/
And a similar one from a newsletter I subscribe to.......
Just an FYI...........On with the show...
I need to apologize to our Mac users. Today's post focuses solely on
a Microsoft security problem that promises to become a big issue over
the next couple of days. I hope you don't mind.
-------------------------------------
Microsoft Security Update
Audience: All Windows Users [sort of]
-------------------------------------
Last week I mentioned that Microsoft released a series of patches that
[hopefully] closes a rather nasty security hole in how Microsoft
products process JPEG images. Affected Microsoft products include:
- Windows XP and XP SP1 [but not SP2];
- Internet Explorer 6 SP1;
- Microsoft Office XP [Outlook, Word, Excel, PowerPoint,
FrontPage, and/or Publisher]; and/or
- Microsoft Office 2003 [Outlook, Word, Excel, PowerPoint,
FrontPage, Publisher, InfoPath, and/or OneNote]
Even more discouraging is the fact that patching this hole is more
complicated than usual in that it involves updating both Windows *AND*
Microsoft Office, something few people know how to do.
I also mentioned in an earlier post that when Microsoft releases any
new security patch an unintended consequence is that the bulletin
announcing the patch also announces that vulnerability to crackers.
Crackers count on the fact that you won't get the patch--your computer
will continue to be vulnerable.
Well, our friends at news.com.com [.com] announced yesterday that
    A sample program hit the Internet on Wednesday, showing by
    example how malicious coders could compromise Windows computers
    by using a flaw in the handling of a widespread graphics format
    by Microsoft's software.

    Source: http://tinyurl.com/3n5tg
What does this mean in English? Well, in your fearless bus driver's
humble opinion, Microsoft's JPEG processing vulnerability is moments
away from becoming the next big computer security threat, one from
which your antivirus and firewall may not protect you. Last week's
bulletin is literally this week's exploit.
Hence today's [repeated] post.
Fortunately, despite what the media is going to tell you over the next
few days, there's no need to panic. Closing this hole is a snap. You
just have to follow a few, simple steps.
-------
XP SP2?
-------
If you have already upgraded your computer to Windows XP Service Pack
2 [XP SP2], stop reading. The JPEG processing vulnerability patch is
built into XP SP2. Your computer is already protected.
But, if you haven't yet upgraded, DON'T! Not yet anyway. While XP
SP2 does fix Microsoft's JPEG processing vulnerability, it could
introduce a whole host of other problems to your computer that you
just don't want to deal with today.
Don't get me wrong, you *NEED* XP SP2. Just not today. My
recommendation is to wait until after Halloween. In fact, some time
in early November I'll write a Tourbus post showing you, step-by-step,
how to upgrade to XP SP2 safely and easily.
For now, let's focus our attention back on Microsoft's JPEG processing
vulnerability. When you try to run Windows Update on a computer that
doesn't yet have XP SP2, the only critical update Microsoft shows you
is--you guessed it--XP SP2. You don't even have the option of getting
the patch that closes the JPEG processing vulnerability.
Grrr.
What you need to do is tell Microsoft to hide their XP SP2 upgrade
from your computer for a while. To do that, just point your web
browser to
http://go.microsoft.com/fwlink/?LinkId=33517
and download Microsoft's free "XP SP2 Blocker Tools." These free tools
temporarily keep Windows Update from automatically installing XP
SP2 onto your computer until April 13, 2005. [I'll show you how to
unblock this in an upcoming Tourbus post.]
Before you can download the XP SP2 Blocker Tools, Microsoft asks you
to voluntarily validate that you are running a licensed, non-stolen
copy of Windows. Click on the continue link in the yellow bar and you
are taken to a page where you are asked to give Microsoft permission
to check your license of Windows. Even if you say no, you'll still be
able to download the XP SP2 Blocker Tools.
Once you're past the validation page,
1. Click on the Download link on the right side of the page.
2. When asked if you would like to open or save
[XPSP2BlockerTools.EXE] to your computer click on the Open
button.
3. Click on the Yes button to agree to the [five page, two
thousand word] end user license agreement.
4. When asked to type the location where you want to place the
extracted files, click on the Browse button.
5. Scroll to the top of the list, choose your Desktop, and click
on the OK button.
6. Click on the OK button again to extract the files.
7. Close your web browser and any other open program.
8. On your desktop you will see five new icons. Double-click on
XPSP2Blocker. A window will open telling you that the Action
[was] successfully completed, and the window will
automatically close after 5 seconds.
9. Feel free to delete those five new icons from your desktop.
You won't need them again.
That's it. Windows Update won't try to install XP SP2 onto your
computer until mid-April. And, better still, you can now see the
critical updates that Microsoft has been hiding from you.
-----------------
Getting the patch
-----------------
To get the JPEG processing vulnerability patch:
1. Run Windows Update by going to Tools > Windows Update in
Internet Explorer. Click on "Scan for updates." Then just
install ALL of the critical updates available for your
computer by clicking "Review and install critical updates."
You may need to restart after you install the critical updates,
and remember to always rerun Windows Update until it tells you
to go away.
Most people will stop here, thinking they have successfully
protected their computers from this new JPEG processing
vulnerability. And most people will be wrong. You still have
two more steps to go.
2. Run Office Update by going to
http://officeupdate.microsoft.com/ and clicking on "Check for
updates." Since the JPEG processing vulnerability is in both
Windows *and* Office, and since the older version of Windows
Update doesn't automatically scan Office for updates, the only
way--well, actually, the *easiest* way--to get the latest
critical updates for Microsoft Office is to manually go to
officeupdate.microsoft.com.
Have your Office installation CD-ROM nearby. Microsoft may
want to "sniff" your disc to make sure you actually own a
licensed copy of Office. But what if you can't find your
Office installation disc? Unfortunately, you're hosed. You
are going to have to borrow a disc from a friend. No disc, no
Office update. And this JPEG processing vulnerability is so
nasty that you NEED to update Office as soon as possible.
3. The third and final step is to, in Internet Explorer, go to
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
and click on "Check for Affected Imaging Software." This
scans older versions of Windows to make sure that you don't
have any Microsoft imaging software hiding on your computer
that is also vulnerable to this JPEG processing vulnerability.
Remember, running Windows Update is only one-third of the patch
process, and you may need to hide XP SP2 before you can even do that.
Once you have the patch, you also need to run Office Update and [if
you are running an older version of Windows] have Microsoft scan your
imaging programs.
Then sit back, grab a bag of popcorn, and watch the show as the JPEG
processing vulnerability takes down everyone's computer but yours.