Finjan Exposes New JPEG Vulnerability in Windows

While the security vulnerability in Microsoft Windows involving JPEG files has been making news for the past few weeks, no proof-of-concept example has documented that a user's computer can automatically become infected just by browsing Web sites containing such malicious JPEG files. That is, until now. Finjan Software, a leading provider of secure content management solutions, has identified a method that allows such a scenario to take place.

A posting by the company's Malicious Code Research Center (MCRC) on Bugtrap, a site for Windows that posts news of security threats, tells of a more sophisticated scheme than the original JPEG vulnerability that Microsoft has itself acknowledged and published. Finjan's security team discovered a means whereby a user's PC can be taken over simply by navigating with Internet Explorer to a Web site that contains the deviant image file.

The more benign version could only contaminate a PC by e-mail, or some other means that would enable it to be downloaded onto a local disk. This latest variant does not need any engagement by a PC user in order to infect a system. This new transmission mode can affect anyone who stumbles onto a Web site, or is directed to such a site where the dangerous JPEG resides.

This new security threat, says Shlomo Touboul, founder and CEO of Finjan Software, could be as lethal as the Blaster and Sasser worms. "Finjan believes that the potential damage caused by this threat could be devastating in its global harm and outreach. It would be equivalent to the most malicious Internet worm ever seen so far, comparable in magnitude and destructive potential to the Blaster and Sasser worms, which caused billions of dollars worth of damage to companies in recent years," he said.

Finjan came across the vulnerability while it was investigating the original JPEG security weakness. The company has devised an effective countermeasure that it is sharing with its customers and providing to home users and businesses alike, free of charge, for the next 30 days. The protection against this threat can be downloaded from the company's Web site, http://www.finjan.com

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
