Microsoft hole causes security concerns

Affected JPEGS could allow PCs to be hijacked through various programs such as Word

By Alessandro Cancian

A couple of weeks were enough for virus writers to exploit the latest, dangerous vulnerability in Windows XP. The hole, considered among the most severe of the last few years, can be used to gain control of somebody else's computer.
The exploit surfaced after Microsoft disclosed, two weeks ago, a hole in a key component of its OS. The vulnerability was immediately classified as critical, because a specially designed image file could allow an attacker to hijack a victim's PC. This alarmed security experts and antivirus producers, who recommend updating one's software and acting with caution. At present, experts say that the infected JPEGs cannot be called viruses or worms, because they lack the ability to reproduce on their own, but this could change in the near future.
The situation appears under control, but fear is just around the corner. When the infected image file is opened, its malicious code is executed: it connects to the Internet, downloads about 2 MB of data, and installs a programme that enables the PC to be remotely controlled. The malicious JPEG file need only be viewed in one of the many vulnerable programmes, including Internet Explorer, MS Word, and MS Excel. Millions of surfers are at risk.
Vulnerable software includes Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It, and Digital Image Pro. Microsoft has released a specific patch for each of them. Security experts underscore that, although older versions of Windows (98 and 2000) are not at risk, some applications installed under these OSs might well be.
The most exposed users are those who surf with Internet Explorer; they could be victimized simply by visiting a website or opening an HTML email containing a 'bad' JPEG file. Internet Explorer, in fact, processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.
The discovery of this hole fanned the flames of controversy surrounding the most widely used OS. Recently, Gartner Vice President Victor Wheatman called Windows "the history's greatest beta test", i.e. the least stable and secure OS in history. Wheatman went so far as to say that Windows should be considered experimental software whose testing was left to end users.
"Microsoft will try to fix this situation, and there will be some improvement in Longhorn, but despite what the world's richest man (Bill Gates) says, they won't be able to solve every problem," declared Wheatman. Microsoft, in a statement, replied to critics of its handling of the vulnerability, saying that "it does not consider this a high risk to customers, given the amount of user action required to execute the attack, and is not currently aware of any significant customer impact."
In any case, Windows alternatives such as Mac OS X and Linux look decidedly more secure and stable, and in many cases can turn out to be more convenient as well.

Publication Date: 2004-10-10
Story Location: http://tandemnews.com/viewstory.php?storyid=4478