Microsoft warns of new round of virus threats

16 Sep 2004

Microsoft has warned of new flaws in two of its products that, if unpatched by users, could open the door to security threats.

The first vulnerability is in a section of computer code known as the JPEG image processor, which is included in Windows XP, Windows Server 2003, as well as in Office 2002 and 2003 products.

Microsoft said in a security bulletin: “A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. In other words, an attacker could send you a malicious JPEG image file (possibly by email) and if you simply opened the file for viewing, whatever program the attacker had concealed inside it would execute, giving the attacker the ability to gain control complete control of your system.”

The second flaw is similar to the first one, with this one affecting the section of Microsoft Office 2000, XP (2002), and 2003. It allows them to open files in WordPerfect 5.x file format.

Users do not need to have WordPerfect on their computer to be vulnerable – an attacker could simply send users a file in Wordperfect format (which they might give a .DOC or other file extension such as .WPD or .WP5). When a user tries to open it, Microsoft Office would see that it was in Wordperfect format, and would open it using the flawed ‘converter’ code, which could cause whatever malicious code the attacker had hidden in the file to be executed.

Microsoft warned: “This type of ‘remote code execution’ attack is particularly dangerous when the user has administrative privileges on the computer, as the malicious code hidden in the file could perform a wider range of unwanted actions [and take complete control of their system].”

The software maker added that it expected the vast majority of windows-based PCs in the vast majority of our customer sites to be at risk from one or both vulnerabilities. For that reason, it recommended that organisations immediately block JPG files at mail gateways, as “a fast-spreading worm exploit of these vulnerabilities is very likely to emerge in the near future”.

According to computer security firm Systemhouse, users should patch their systems without delay. In a statement to its users, the firm said: “There is currently no known security threat (such as a virus or internet worm) that exploits these vulnerabilities to attack systems – but such threats and attacks will inevitably emerge. Whether this will be days or weeks from now is impossible to know, but deploying as soon as possible the security patches which are available from Microsoft is recommended to ensure your systems are secure.”

By Brian Skelly