Solved

September 2004 Security Update for JPEG Processing (GDI+)

Posted on 2004-10-06
Last Modified: 2013-12-04
It just keeps getting more intense out there in terms of intrusions.  Not sure if this is well known, but wanted to post and get some feedback.  Curious how this type of thing can impact those of us who do imaging and for the many who've gone the Camcorder (digital photography) route and upload to places like PhotoWorks, Snapfish, etc. that are JPEG images.  Very scary.

September 2004 Security Update for JPEG Processing (GDI+)
The GDI+ security update for September 2004 addresses newly discovered issues in JPEG processing technology. This issue affects software that supports this image format, including some versions of Microsoft Windows, Microsoft Office, and Microsoft developer tools. If you have any of the listed software installed on your computer, you should install the related update.

Depending on the software you are using, you may need to install multiple updates from multiple locations.

Source for more here:
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

Asta
0
Question by:Asta Cu
15 Comments
 
LVL 29

Assisted Solution

by:blue_zee
blue_zee earned 50 total points
ID: 12243058
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243123
Yup, bad news.  People should move to PDF until more safeguards are out there.
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243164
0
 
LVL 29

Assisted Solution

by:blue_zee
blue_zee earned 50 total points
ID: 12243228

Just wondering...

I'm patched but I receive an e-mail attachment from an unpatched PC... and with the safety/security level of OE...

Damn, that can hurt!
:((

Zee
0
 
LVL 7

Accepted Solution

by:LimeSMJ
LimeSMJ earned 225 total points
ID: 12243295
This particular critical update falls into the "buffer overflow -> remote code execution" problem found in unchecked code.  It's a problem with a variety of programs since the pressure to release a new version usually means little or no vulnerability checks (basically, if the program works, then assume there's no problem and release to public).  The bulk of the new security update fixes from Microsoft address many buffer overflow issues with different components of Windows and their integrated applications (such as Internet Explorer).  There is no single way to check a huge program (such as Windows) for buffer overflows in a timely and accurate fashion... this is why Microsoft probably adopted their new safe/secure programming philosophy - where code is routinely checked during development to make sure that it is free of bugs or holes that can be exploited.

Even so, with so many different kinds of computers and the constant influx of new technologies (both software and hardware), there is only one real way to prevent a possible intrusion on your computer... get off the grid.  Without any type of Internet connection, there is little or no threat to your computer or any of your personal information/files - unless for some reason you (or family members) like to hack yourselves.  :)  In fact, buffer overflow exploits, DDoS attacks, SPAM, hacking, intrusions, etc.  would all be moot to a computer that isn't connected to the Internet...

Of course, in reality, getting off the net would make your computer pretty much useless since the bulk of personal computing today is Internet related.  What should you do if an exploit is found with a program (or file) that you use??  Well... just install the patch and keep on truckin'.   Computers are here to stay in spite of all of the cons related to it... it's a tool that can do great things - both good and bad.  For an IT guy like me, it's what keeps me eating and puts a roof over my head.

...as far as this exploit's impacts to you as a user of JPEG images - the patch is rated at critical so it should be immediately installed.  Huge websites such as the ones you mentioned, usually have counter-measures for known exploits (such as the one mentioned) and ones that haven't been found yet - so I wouldn't be too wary of the integrity of any of the files you use.  If anything, keep backups of your important files and update your computer frequently with any patches that are released.

Here's more of what the GDI+ component actually is in a Windows OS : http://www.bobpowell.net/gdiplus_faq.htm
0
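An added illustration (not part of the thread, and not Microsoft's code) of the kind of length check the accepted answer means by "unchecked code", applied to JPEG marker segments: every segment declares its own length, and a parser has to validate that value against the bytes actually present before using it. The function name, result codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (illustrative names, not from any real library). */
enum jpeg_check { JPEG_OK, JPEG_NOT_JPEG, JPEG_TRUNCATED, JPEG_BAD_LENGTH };

/* Constructed samples: SOI, one comment (COM) segment, then EOI or end of data. */
static const uint8_t sample_good[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9};
static const uint8_t sample_short[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01,'h','i', 0xFF,0xD9};
static const uint8_t sample_long[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x40,'h','i'};

/* Walk the header segments up to SOS/EOI and validate each declared length. */
enum jpeg_check jpeg_check_segments(const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return JPEG_NOT_JPEG;
    while (pos < len) {
        if (buf[pos] != 0xFF)
            return JPEG_NOT_JPEG;
        while (pos < len && buf[pos] == 0xFF)           /* skip fill bytes */
            pos++;
        if (pos >= len)
            return JPEG_TRUNCATED;
        uint8_t marker = buf[pos++];
        if (marker == 0xD9)                             /* EOI */
            return JPEG_OK;
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD8))
            continue;                                   /* markers with no length field */
        if (len - pos < 2)
            return JPEG_TRUNCATED;
        size_t seg_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The length counts its own two bytes. A value below 2 would make an
         * unsigned "seg_len - 2" payload size wrap around to a huge number. */
        if (seg_len < 2)
            return JPEG_BAD_LENGTH;
        if (seg_len > len - pos)                        /* claims more than is present */
            return JPEG_TRUNCATED;
        if (marker == 0xDA)                             /* SOS: header segments all valid */
            return JPEG_OK;
        pos += seg_len;
    }
    return JPEG_TRUNCATED;                              /* ran out of data before SOS/EOI */
}

int main(void)
{
    printf("good=%d short=%d long=%d\n",
           jpeg_check_segments(sample_good, sizeof sample_good),
           jpeg_check_segments(sample_short, sizeof sample_short),
           jpeg_check_segments(sample_long, sizeof sample_long));
    return 0;
}
```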
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243300
For real!  I've been filtering all email twice; once at the Yahoo Plus interface service for my DSL ISP provider with all those "safeguards", then again locally.  It's insane!  Talk about being counter-productive.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12243316
By the way, PDFs aren't immune to exploits: http://www.net-security.org/vuln.php?id=3390
0

 
LVL 27

Author Comment

by:Asta Cu
ID: 12243351
Thanks also, LimeSMJ, excellent points!

Zee, for Hotmail Plus/Premium, etc., filters exist and I use them all, including not allowing any images to be opened without my taking steps to open them.  Getting a bit paranoid; used to like the Rich Text Editor and all the bells and whistles, but keep seeing that I need to get out of the cool stuff back into the safety zone.
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243383
LimeSMJ --  How did you find this?  I've looked for PDF vulnerabilities for some time, you've given me a link to the first.  Are there others you've found?  Drat drat drat.  This has all the makings of a bad day!  Wonder why Adobe has not responded, you'd think they'd be on top of this big time!
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243434
I reported that vulnerability to Adobe about Acrobat Pro V. 6.0 here:
http://www.adobe.com/misc/thanksbug.html
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243465
Also did a Product Request Feature to Adobe for Acrobat Pro 6.0 to resolve the vulnerabilities.  Hope something comes of it.
0
 
LVL 7

Assisted Solution

by:LimeSMJ
LimeSMJ earned 225 total points
ID: 12243473
astaec,

Do a search in Google Groups for "pdf exploits" and you'll see some interesting issues with PDF files... nothing real big but some (like the one I mentioned before) can easily crash a user's computer.  In addition, we are only discussing the PDF file itself here... there are still many issues with several PDF writers (even Adobe Acrobat) that can be exploited to cause computer instability.  In reality, there is no real way that Adobe could fix that particular problem since the issue has to deal with the PDF reader's autofix ability - I guess the only real way to defeat such an exploit is to disable the autofix feature so that the user's computer just closes any corrupted PDF file without trying to repair it.

There are a lot of bored people out there with computers.  Hacks have always been around - it's only now that computing has reached mainstream that people are starting to see them.  I wouldn't lose sleep over these little exploits... unless of course you were like the CTO/CIO of a major financial institution where an intrusion into the servers would be really bad as opposed to someone's personal computer needing a reboot.  :)
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12243498
:0)  Whew!  Thanks, feeling better already.  Checked the google query; mind-boggling results.
0
 
LVL 2

Assisted Solution

by:kitisak
kitisak earned 25 total points
ID: 12245423
You should try to use GDI Scanner to scan your machine. You will then know which software has a problem. You can find more information at http://www.bleepingcomputer.com/forums/topict3077.html
0
 
LVL 27

Author Comment

by:Asta Cu
ID: 12320350
Thanks everyone.
Asta
0
