JPEG Exploit:
On September 14th, Microsoft announced that most of their operating systems and any of their applications that handle JPEG images are vulnerable to a dangerous exploit in which malicious code could be executed on a user's machine by simply viewing what appears to be an ordinary image file. Users are at risk simply by checking email or viewing web pages. Microsoft has rated the severity of this vulnerability as "critical."

Within one week of the announcement, a virus using this exploit is already loose on the Internet. In addition, an application has already been designed that helps hackers create malicious JPEG images.

Because of how user policy is designed in Microsoft's operating systems, hackers using this exploit can not only run malicious code but also run it as the administrator of the PC. This means that the hacker has virtually no limits on the damage they can cause.

Information on this new exploit can be found on Microsoft's web site.

More Than the Operating System:
The vulnerability behind this JPEG exploit is not solely a problem with the operating system. The exploit actually uses a Dynamic Link Library (DLL) known as GDI+. With the latest updates from Microsoft, applications are directed to use the new, safer DLL. However, not all applications can be fixed this way, because they are coded to use a specific, and potentially vulnerable, DLL. It is also possible that third-party applications could contain a renamed JPEG handler that is vulnerable, which would not be recognized during the updates.

Anti-Virus Software:
In a recent News.com article on the JPEG exploit, CNET explains that anti-virus software could be ill-prepared to protect corporate networks from the JPEG exploit. According to Mikko Hypponen, director of anti-virus research for F-Secure, anti-virus software will strain to find JPEG malware, because by default, it only searches for executable files.

"Normal anti-virus software, by default, will not detect JPEGs," Hypponen said. "You can set your anti-virus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. This would make finding malicious JPEGs even more difficult. Searching could take up a significant amount of valuable processor power.

Furthermore, Internet Explorer processes JPEGs before it caches them. That means the computer has the potential to become infected before anti-virus software ever has a chance to work.

"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway."

The Internet Security Manager does just that. The ISM searches for malicious JPEG images in email and on web pages before the site is served to the end user, stopping viruses at the gateway.
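The file-extension problem described above goes away when a scanner classifies files by content instead of by name. The sketch below is an added example, not code from the Internet Security Manager or any vendor named on this page: it recognizes a JPEG by its leading bytes and then walks the marker segments, rejecting files whose segment lengths are impossible under the JPEG format. The function names and sample bytes are constructed for illustration, and the structural check is an assumption about what a gateway filter could test.

```python
import struct

# Markers that stand alone and carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def looks_like_jpeg(data: bytes) -> bool:
    """Content sniffing: a JPEG starts with SOI (FF D8) followed by another marker."""
    return data[:3] == b"\xff\xd8\xff"

def check_jpeg_structure(data: bytes) -> list[str]:
    """Walk the header segments and report the first malformed one, if any."""
    pos = 2  # skip SOI
    while pos < len(data):
        if data[pos] != 0xFF:
            return [f"offset {pos}: expected a marker, found 0x{data[pos]:02x}"]
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            return ["file ends inside a marker"]
        marker = data[pos]
        pos += 1
        if marker == 0xD9:  # EOI: end of image
            return []
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return [f"offset {pos}: file ends inside a length field"]
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes, so a valid value is never below 2.
        if length < 2:
            return [f"offset {pos}: marker 0xff{marker:02x} declares length {length}"]
        if pos + length > len(data):
            return [f"offset {pos}: segment runs past the end of the file"]
        if marker == 0xDA:  # SOS: compressed scan data follows, stop the header walk
            return []
        pos += length
    return ["no end-of-image marker"]

def verdict(data: bytes) -> str:
    """Gateway decision based on content only; the file name is never consulted."""
    if not looks_like_jpeg(data):
        return "not-jpeg"
    return "reject" if check_jpeg_structure(data) else "pass"

# Constructed sample inputs (not real images): a minimal well-formed header,
# and the same header followed by a segment with an impossible length of 0.
APP0 = b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
GOOD = b"\xff\xd8" + APP0 + b"\xff\xfe\x00\x04hi" + b"\xff\xd9"
BAD = b"\xff\xd8" + APP0 + b"\xff\xe1\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in [("photo.icon", GOOD), ("logo.jpg2", BAD), ("notes.jpg", b"plain text")]:
        print(name, verdict(blob))
```

Because the decision depends only on the bytes, renaming a JPEG to another extension does not change the result, and the scanner avoids parsing files that merely carry an image extension.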

Am I Vulnerable?
If you are running Microsoft Windows and have Internet Explorer or Microsoft Office installed on your PC, it is very likely that you are vulnerable to this attack. Even if you have XP Service Pack 2, third-party software may leave you open to attack. To find out exactly how vulnerable you are, SANS Institute has released a GDI Scan tool that will check your computer for vulnerable DLL files. This free download is available from the SANS Institute's web site.

Will Norton or McAfee Stop This?
While Symantec and McAfee remain unclear on their ability to stop this type of attack, UIA remains committed to the fact that our email scanner will prevent the JPEG from ever reaching your email client.

Can My Firewall Prevent This?
Firewalls currently are unable to prevent the JPEG from being displayed and causing damage to your computer. At best, the firewall can prevent your computer from causing further damage to the connected network.

Getting Help:
One of the first steps to protecting yourself is to make sure you update your software. SecuriTeam.com offers a list of available updates for affected Microsoft applications, as well as information on patching vulnerable DLLs.

To help you determine how vulnerable you really are, SANS Institute offers a free GDI Scanner, available on their web site, that scans your hard drive for potentially vulnerable DLL files. This is currently the only tool available that scans the entire drive for vulnerable DLL files. Microsoft offers a similar DLL scanner, but it only searches through the Windows directory.

Although SANS Institute's DLL scanner quickly finds vulnerabilities, it does not provide information on how to patch these files or on which files are actually in use by the system.

The ULTIMATE Solution:
ULTIMATE Internet Access is already scanning and removing email with malicious code. In fact we have already prevented this exploit from reaching multiple customers. No other ISP is offering this yet. And as early as October 6th, UIA's Internet Security Manager will be blocking malicious JPEGs at the gateway, the most effective way to prevent an attack.

Contacting ULTIMATE Internet Access:
If you are concerned about your vulnerability to the JPEG exploit, we encourage you to call us toll free to speak to a live Internet specialist.

800.982.6898