News

Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw

Panda Software reported finding a tool on black hat hacker sites that can be used to create files in the JPEG image format that exploit the vulnerability in Microsoft's JPEG processing component.

Microsoft patched the flaw on Sept. 14 in security bulletin MS04-028, but because the flaw affects so many products and the patch must be applied to each of the applications on every system, it is a difficult patch to apply.

Officials with Panda Software said the attacker tool, called JPGTrojan.C, allows a user to create several payloads that can be included in the malicious image file. They include payloads to add a new user to the infected computer and grant that user administrative rights, specify a port to be opened to allow remote access to the computer, specify a remote IP address and a port and establish a connection or download an executable file and run it.

The Microsoft bulletin is available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Previews Windows Autopilot for HoloLens 2

    Microsoft on Friday announced a public preview of Windows Autopilot for HoloLens 2, its mixed-reality headset.

  • Microsoft Flirts with Charging for API Software Connections

    Microsoft may have started something new by attempting to charge its customers for software that uses its application programming interfaces (APIs).

  • Overcoming Spacesuit Anxiety During Astronaut Training

    Spacesuits are heavy, claustrophobic and hot -- an uncomfortable combination for many would-be astronauts. Here's how Brien came around to the idea of wearing one.

  • Microsoft Announces Azure Kubernetes Service Enhancements

    Microsoft this week announced a few Azure Kubernetes Service (AKS) product milestones as part of the KubeCon event.

comments powered by Disqus