New JPG vulnerability?

Avast Free Antivirus / Premium Security
1

Hi all,

Are we protected against this new, terrible JPG vulnerability with Avast? I know it is not “in the wild” yet, but from what I read the vulnerability is on it’s way to being a full-blown worm.

I found a link to a sample of an infected file if anyone is interested. Bitdefender Free picks it up on demand, but Avast Home does not with defs 0440-01 (unless I am not doing something right).

2

There is already a example of this exploit, and it has be exploited in the wild. A sample had been submitted, but they have yet to update their definitions.

3

gelbaum
Microsoft has posted a free online tool to assess the current vulnerability of your computer.Get it HERE

4

On september 14th, Microsoft has released a security patch for it. Visit Windows Update and install ALL security patches/updates.

5

I check for updates daily. I installed this so-called “patch” (probably one of the worst implementations of a Microsoft fix ever) as soon as it came out.

However multiple third party apps also install dll’s etc. that are prone to this vulnerability. This is why I rely on my AV to be my first line of defense. As opposed to other viruses, safe computing practices are irrelevant for this specific vulnerability.

6

There is nothing that I like better than “knocking m$” however this link might lead you to other programmes that might still be open to attacks after installing M$ updates. Got to give them the credit for fixing this quite quickly :wink:

http://news.bbc.co.uk/1/hi/technology/3684552.stm

7

inthewildteam,
My link leads you to an analysis tool to see what’s voulnerable.

8

BitDefender Free V7 alerts:

C:\temp\virus-jpeg.zip=>possibleVirus.jpg is infected with Exploit.Win32.MS04-028.Gen

I know about the Microsoft patches and fixes but my question was fairly specific: Will Avast also be able to identify it in one of the new defs?

9

It is covered/detected with file version 0440-2, compilation date: 29.09.2004.

10

MS04-028 JPG Exploit

11

Thanks, guys! That was fast.

Keep up the excellent work. This forum is amazing. ;D

12

I believe XP users with SP2 dont have the Exploit. :slight_smile:

13

watchthisspace
You’re right not XP2 but, that doesn’t protect any of the other programs mentioned, There is also a fix for Office if your running that.

14

Yes, they have :cry:
This was correctly after, by a specific MS patch :wink:

15

As soon as I get my computer back im gonna download the office 2003 SP1 and all the patches ive missed out on :-[ :slight_smile:

16

Well done…