Microsoft Patches JPEG Security Flaw

Microsoft has issued a critical security bulletin regarding a buffer overrun vulnerability that exists when Windows processes JPEG image files. The flaw could allow code to be remotely executed and give an attacker full control over an affected system.

Windows XP and Windows Server 2003 are vulnerable, as well as older versions of Windows running any of a long list of Microsoft software titles. Windows XP Service Pack 2 already contains a fix for JPEG processing, but may still be affected if Office is installed.

Microsoft has posted a September 2004 Security Update to correct the issue, and has made available a GDI+ Detection Tool that checks for affected software versions.

All affected Windows users are urged to apply the update immediately.