JPEG Exploit Toolkit In The Wild
Friday September 24, 2004
Last week Microsoft released Security Bulletin MS04-028 regarding a Critical flaw in the way JPEG graphic images are processed. The vulnerability affects a wide range of Microsoft operating systems and products, and unfortunately protecting against it requires a separate patch for each affected platform and application. A proof-of-concept exploit made public last week simply caused a denial of service and was not considered too serious. Now it is being reported that a toolkit has been made public which makes it trivial, even for non-programmers, to create an exploit that opens a CMD.exe screen for the attacker and allows them to run any code they choose. It has not been turned into self-propagating malware yet, but users should apply the patch or take other preventive actions to protect their systems before that happens. For more news about the exploit and the new exploit toolkit, see this article in The Register: JPEG Exploit Toolkit Spotted Online.
