Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw -- Redmond Channel Partner

Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw

By Scott Bekker
October 06, 2004

Panda Software reported finding a tool on black hat hacker sites that can be used to create files in the JPEG image format that exploit the vulnerability in Microsoft's JPEG processing component.

Microsoft patched the flaw on Sept. 14 in security bulletin MS04-028, but because the flaw affects so many products and the patch must be applied to each of the applications on every system, it is a difficult patch to apply.

Officials with Panda Software said the attacker tool, called JPGTrojan.C, allows a user to create several payloads that can be included in the malicious image file. They include payloads to add a new user to the infected computer and grant that user administrative rights, specify a port to be opened to allow remote access to the computer, specify a remote IP address and a port and establish a connection or download an executable file and run it.

The Microsoft bulletin is available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

The 2021 Microsoft Product Roadmap

From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.
After High-Profile Attacks, Biden Calls for Better Software Security

Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.
With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.
Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw

Featured

The 2021 Microsoft Product Roadmap

After High-Profile Attacks, Biden Calls for Better Software Security

With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

The 2021 Microsoft Product Roadmap

With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

After High-Profile Attacks, Biden Calls for Better Software Security

Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2021 Microsoft Product Roadmap

With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

After High-Profile Attacks, Biden Calls for Better Software Security

Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

Partner's Guide to Making the Most of Dynamics 365 IUR

FREE WEBCASTS FROM OUR SPONSORS

Tap into the true Microsoft 365 earning potential

Protect Your Customers Against Email Threats with MDR and Microsoft Defender for Office 365

Boost Your Dynamics 365 Business with the Power of the Indirect Model and Tech Data

Webroot’s 2021 Threat Report

FREE WHITE PAPERS FROM OUR SPONSORS

Partner Profile - How eSentire MDR Expands Microsoft 365's Security Capabilities

2021 Webroot BrightCloud Threat Report

eBook: Hacker Personas

Carbonite Data Protection & Cyber Resilience