You can read the below...or just go to:

http://listserv.aol.com/cgi-bin/wa?A...T=0&F=&S=&P=66

And it should explain just about everything you want to know about the most alarming JPEG vulnerability in microsoft (and others?) products.
You need to know about this, and fix any holes you may have.

============================================


I've been on valuemd for a while now, so I hope that the moderators will allow me some leeway in what I am posting now.

my authority:
I've been on the 'net for a loooooonnnnnnng time. I had one of the first public email addresses back in the mid-1980s. I actually worked for a company (Tymnet) that is listed in the Hobbes' history of the internet--Tymnet preceded the internet by quite a bit by being a "public" network (if you had the money)-- to connect terminals (at the time) to company host computers.

I don't recall ever having sent out a "spam" virus alert. However, there is a most urgent Microsoft vulnerability that you ALL must be made aware of. It affects Windows, Microsoft Office, Microsoft imaging programs. The code to manipulate this vulnerability has recently been published publicly on the internet within the last 24-48 hours. When vulnerabilities have been published before, and "proof of concept" published on the web, viral infections followed shortly thereafter.

THIS VULNERABILITY, WHEN EXPLOITED, WILL ALLOW CRIMINALS TO TAKE CONTROL OF YOUR MACHINE UNLESS YOU PLUG THIS HOLE.

This is not the sort of vulnerability that "safe computing" will fix. Not downloading attachments won't keep you safe. This is not the sort of vulnerability that just keeping your virus software up-to-date will fix--nor will firewalls keep you safe. This is because the vulnerability is in a very common "format" for internet pictures--some of you may be familiar with it, it's called JPEG. A simple picture in your email, or on a website you visit, could cause you to be infected with whatever the exploiter wants to infect you with. IN OTHER WORDS: when the vulnerability is exploited, it is as if the exploiter has a key to your computer; a "carte blanche" if you will, to do whatever they want with your computer.

WHAT TO DO:

Go to this site:

http://www.microsoft.com/security/bu...0409_jpeg.mspx

(if you are concerned about this being a "bogus" email address, please feel free to type the address into your address bar in your browser.)

Follow the instructions therein; MSFT has code which will determine what security updates you need to install in order to protect you from this security hole.

(To those of you who have XP, SP2 fixes the problem, but you may not want to install SP2 yet. I'm trying to find the link from the tourbus folks (http://www.tourbus.com -- who, for some reason, do not have the latest issue on their site, that I can see) -- where they discuss your options for fixing this problem WITHOUT installing SP2. I will try to find a link.)

Added: I haven't found the link to their latest tourbus, but this is a link to the story on CNET concerning this problem:

http://news.com.com/Code+to+exploit+...l?tag=nefd.top

Good luck to you all, and please...do not hesitate to install the fixes for this problem!


heart