Secure IT Foundation

Windows Security Image Problem – Updated

Posted on: February 15, 2011

Update 15/02/2011

Microsoft release a patch to fix this issue as part this month’s Patch Tuesday MS 11-006. If you use the Enable FixIt then you must use the Disable FixIt before you can successfully install MS 11-006 patch.

07/01/2011

Microsoft has recently confirmed a new security problem with the way XP and Vista versions of Windows handle image files. An image file can be altered to cause Windows to run code on your computer and allow a virus of trojan to infect your computer. All you need to do is visit a webpage with one of these malicious image files or receive an email containing one, no user interaction is required. There is no way of knowing if an image has been altered to affect Windows either. It is not just a case of a ‘picture containing the image of X person’ causes the problem, any image can be altered to include the malicious code.

Currently there is no patch available or planned for this month’s STOM. There is a simple FixIt made available for free from Microsoft, and we recommend that all XP and Vista Windows users run the Enable file. While the risk of an infection is extremely low to none at the moment, a similar problem discovered a few years ago was exploited for years, mostly in the adult end of the Internet.

Once a full patch is finally released we will update this information, as that is always the better long term solution than a temporary FixIt – See above!

SecurityBrad

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories

%d bloggers like this: