Finjan Exposes New JPEG Vulnerability in Windows

While the security vulnerability in Microsoft Windows involving JPEG files has been making news for the past few weeks, no proof-of-concept example has documented that a user's computer can automatically become infected just by browsing Web sites containing such malicious JPEG files. That is, until now. Finjan Software, a leading provider of secure content management solutions, has identified a method that allows such a scenario to take place.

A posting by the company's Malicious Code Research Center (MCRC) on Bugtrap, a site for Windows that posts news of security threats, now tells of a more sophisticated scheme than the original JPEG vulnerability that Microsoft has itself acknowledged and published. Finjan's security team discovered a means whereby a user's PC can be taken over simply by navigating with Internet Explorer to a Web site that contains the deviant image file.

The more benign version could only contaminate a PC by e-mail, or some other means that would enable it to be downloaded onto a local disk. This latest variant does not need any engagement by a PC user in order to infect a system. This new transmission mode can affect anyone who stumbles onto a Web site, or is directed to such a site where the dangerous JPEG resides.

This new security threat, says Shlomo Touboul, founder and CEO of Finjan Software, could be as lethal as the Blaster and Sasser worms. "Finjan believes that the potential damage caused by this threat could be devastating in its global harm and outreach. It would be equivalent to the most malicious Internet worm ever seen so far, comparable in magnitude and destructive potential to the Blaster and Sasser worms, which caused billions of dollars worth of damage to companies in recent years," he said.

Finjan came across the vulnerability while it was investigating the original JPEG security weakness. The company has devised an effective countermeasure that it is sharing with its customers and providing to home users and businesses alike, free of charge for the next 30 days. The protection against this threat can be downloaded from the company's Web site, http://www.finjan.com

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
