Looking Inside

The latest high-visibility security exploit is trouble in the way that some Microsoft products deal with JPG files. The problem revolves around the comment field in a JPG file--Microsoft programmers assumed that the field would always have a length greater than one. If the field is defined in the file as zero- or one-length, the system may crash, but if the right information is included in the proper place, the info can be passed to the system and interpreted as computer instructions.

The bad news is that Microsoft was aware of this exploit for a long time before they fixed it in SP2. The good news is that they did, in fact, fix it in SP2, and the risk should decrease as more people update their systems.

If you want to see exactly what the exploit will do, let me refer you to an excellent security site, K-otik Security. Look at the Exploits tab, and you'll find out precisely how someone can take advantage of this (and many other) weaknesses in software. Reading about the nasties is one thing, but there's no real substitute for looking at code that can harm your system. It's not the most comforting reading on a Friday afternoon, but if it help prevent problems over the weekend, you can relax just a little bit more.