The first trojan-laden JPEG images designed to exploit the Microsoft GDI+ JPEG vulnerability were seen propagating via Usenet newsgroup posts today. Although these trojan horse infected images are not themselves a significant risk, their existence indicates that it will not be much longer before a self-propagating worm/virus designed to exploit this vulnerability begins to spread via email.
How to protect yourself

The Windows Update and Office Update tools patch only the Microsoft versions of the vulnerable files and do not fully protect your computer. Many third-party applications install their own copies of the vulnerable files, so even if you have applied the Microsoft patch you may still be vulnerable.

GDIScan

The SANS Internet Storm Center has released an excellent scanning tool that can find the vulnerable files third-party applications may have installed. Download and run gdiscan and follow the instructions provided by SANS.

Further Information

An excellent FAQ regarding the GDI+ vulnerability, and specifically the GDIScan tool, can be found at http://www.bleepingcomputer.com/forums/topict3077.html.