As part of its monthly patching cycle, Microsoft on Tuesday rolled out a pair of security bulletins, including one rated "critical" that affects a bewildering array of the company's operating systems . . .
As part of its monthly patching cycle, Microsoft on Tuesday rolled out a pair of security bulletins, including one rated "critical" that affects a bewildering array of the company's operating systems and applications, and puts systems at risk of hacker hijack.

Security Bulletin MS04-028, dubbed "Buffer Overrun in JPEG Processing," affects Windows XP, Windows XP SP1, and Windows Server 2003, as well as a host of Microsoft applications, most notably those in the Office XP and Office 2003 suites.

The vulnerability, which Microsoft ranked as "Critical," the highest threat level in its four-step system, stems from a flaw in the processing of JPEG images, the ubiquitous format used for digital images. Virtually every digital camera, for instance, produces pictures in .jpg format, while the bulk of Web sites use images in that file format.

"Any time a vulnerability affects so many products, and can be used [by attackers] to do almost anything, it's cause for concern," said Craig Schmugar, a research manager at McAfee. "But we've not seen any proof of concept code for this, much less a working exploit."

The link for this article located at Gregg Keizer is no longer available.