Page Two

By Andrew Garcia  |  Posted 2004-10-18 Print this article Print

Weve yet to see a scalable solution that detects the JPEG vulnerability for Microsoft and third-party applications alike. Below are suggestions for dealing with this vulnerability using tools that may already be on your network.

  • Use Microsofts new enterprise-ready detection tool (KB886988) to patch Windows operating system, Internet Explorer, .Net and Office implementations

  • Use in-depth GDI+ detection tools such as ISCs GDI Scan on fresh images of desktops and servers to get a base-line picture of third-party libraries installed throughout the network; contact third-party application vendors as needed to determine the extent of the vulnerability

  • Utilize vulnerability scanners to search active systems for vulnerable libraries as new signatures are released

  • Leverage distributed agents where possible Some patch management or security agents have the ability to find specific files and report version information to a central console

  • As always, keep anti-virus signatures up-to-date

    Technical Analyst Andrew Garcia can be reached at

    Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

    Be sure to add our Security news feed to your RSS newsreader or My Yahoo page

    Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at

    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel