Microsoft released a critical update yesterday for an intriguing problem. Microsoft discovered a flaw in the way various Microsoft operating systems and programs process .JPG images – theoretically allowing a bad guy to run a malicious program on your computer simply by viewing an image. Your computer could be attacked just by visiting a web site that has these specially-designed malicious images. (I can’t imagine how that’s done. I would have sworn it was impossible.)
One important point was underplayed in the news reports: if you have installed Windows XP Service Pack 2, you are not at risk. It’s yet another reason to install SP2 right now – and an emphatic reminder that it’s almost impossible to secure systems running older versions of Windows. The architectural changes in SP2 will challenge the bad guys for a while.
As of today, the .JPG flaw is theoretical – there’s no evidence of it being exploited in the real world. That will change. If you’re not running SP2, visit Windows Update and Office Update and install all critical updates.