Thursday, September 16, 2004

more bugs in Microsoft operating systems and applications

Software bug raises spectre of 'JPEG of death'

Flawed software code used by numerous Microsoft applications to render images means that a specially constructed image file could hijack a computer or spread a virus.

Ten years ago the idea of an image infecting a computer was the subject of a hoax email. But what was once a myth is now a genuine threat after Microsoft disclosed a flaw in the image processing code used in a range of its software programs on Tuesday.

Some experts blame the new threat on shoddy programming. "In a properly coded world, a graphic should not be able to infect your computer," says Graham Cluley, senior researcher with the UK-based anti-virus firm Sophos. "It should be impossible."


Crafty programmer

A number of Microsoft operating systems and applications contain the relevant bug, including Windows XP, Windows Server 2003 and Office XP, as well as many smaller applications. Microsoft has released downloadable fixes for affected software, available from the Microsoft TechNet site (link below).

The affected code has a so-called "buffer overrun" flaw. The buffer is a protected part of the computer's memory, but flaws can mean that excessive input data overruns into unprotected parts of memory. A crafty programmer can use such a flaw to execute unauthorised code on a computer, potentially providing themselves with a point of entry in order to take complete control.

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
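The kind of check that keeps file-supplied lengths from causing the buffer overrun described above, as an added example that is not Microsoft's code and does not reproduce the flaw in the bulletin. It assumes a JPEG-style segment (2-byte marker, then a 2-byte big-endian length that counts its own two bytes); the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum seg_status { SEG_OK = 0, SEG_TRUNCATED = -1, SEG_BAD_LENGTH = -2, SEG_TOO_BIG = -3 };

/* Copy one segment's payload into out, trusting nothing the file declares.
 * The two marker bytes are skipped, not interpreted. */
int copy_segment(const uint8_t *in, size_t in_len,
                 uint8_t *out, size_t out_cap, size_t *copied)
{
    *copied = 0;
    if (in_len < 4)
        return SEG_TRUNCATED;          /* no room for marker + length field */
    size_t declared = ((size_t)in[2] << 8) | in[3];
    if (declared < 2)
        return SEG_BAD_LENGTH;         /* declared - 2 would wrap to a huge size */
    size_t payload = declared - 2;
    if (payload > in_len - 4)
        return SEG_TRUNCATED;          /* file claims more bytes than it holds */
    if (payload > out_cap)
        return SEG_TOO_BIG;            /* copy would overrun the destination */
    memcpy(out, in + 4, payload);
    *copied = payload;
    return SEG_OK;
}

/* Fixed 8-byte destination standing in for a renderer's internal buffer. */
static uint8_t dest[8];
static size_t dest_len;
int parse_into_dest(const uint8_t *in, size_t in_len)
{
    return copy_segment(in, in_len, dest, sizeof dest, &dest_len);
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t seg_good[]  = { 0xFF, 0xFE, 0x00, 0x05, 'a', 'b', 'c' };
static const uint8_t seg_short[] = { 0xFF, 0xFE, 0x00, 0x01 };            /* length < 2 */
static const uint8_t seg_lying[] = { 0xFF, 0xFE, 0x01, 0x00, 'a', 'b' };  /* claims 254 bytes */
static const uint8_t seg_large[] = { 0xFF, 0xFE, 0x00, 0x0C,
                                     '0','1','2','3','4','5','6','7','8','9' };

int main(void)
{
    printf("good:  %d\n", parse_into_dest(seg_good,  sizeof seg_good));
    printf("short: %d\n", parse_into_dest(seg_short, sizeof seg_short));
    printf("lying: %d\n", parse_into_dest(seg_lying, sizeof seg_lying));
    printf("large: %d\n", parse_into_dest(seg_large, sizeof seg_large));
    return 0;
}
```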

Sunday, September 12, 2004

put off installing Service Pack 2

Put off installing Service Pack 2 to make sure any big problems with SP2 come to light first.

SP2 Fights Worms, Has Bugs

washingtonpost.com

At Microsoft's Web site, the company lists about 40 software programs that may be hampered when Service Pack 2 is installed and 50 that don't seem to be compatible at all.