Patching the Windows JPEG vulnerability.

The windows operating system from Windows 95 through Windows XP contains a critical flaw in the code responsibile for viewing JPEG images (the most prevelant image format on the web). Malicious parties can create JPEG files that execute arbitrary code embedded in the image file. As a result, it is possbile to become infected with viruses simply by viewing a web page or opening an e-mail with an attached image — practices formerly regarded as safe.

So far, the actual threat from this vulnerability is small, but the potential threat is huge, and so it is important for people to patch their systems.

Microsoft has started to address this problem through the automatic update process, but so far, their approach is totally half assed. Automatic update will only patch the vulnerability in the operating system and internet explorer. It will also install a scanning utility which will help you identify other software containing the flaw, but only if that software was produced by Microsoft, and even then, you must take additional meausres to actually patch the Microsoft software.

The problem is that there is a lot of non-microsoft software out there which might also contain the vulnerability. Fortunately, a 3rd party has created GDI Scan which will help identify other software containing the flaw.

This article explains how to use the utility to find problems, and the steps you can take to fix them.