Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Third Parties Tackle JPEG Buffer Issue

    Written by

    Andrew Garcia
    Published October 18, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Dealing with Microsoft Corp.s pernicious GDI+ JPEG buffer overrun condition (Microsoft Security Bulletin MS04-28) can be daunting for enterprise administrators, eWEEK Labs has found. Due to the relative ease with which exploits based on this vulnerability can evade existing security solutions distributed throughout the network, we recommend that administrators waste no time in deploying the necessary fixes.

      /zimages/2/28571.gifClick here to read more about the JPEG flaw.

      Early exploits based on this vulnerability are already circling the Internet. These exploits will cause infected machines to automatically download and install Trojan horse applications or open a command shell accessible to remote hosts.

      Unfortunately, the first generation of tools designed to detect the vulnerable versions of the GDI+ libraries used to render JPEG images are a sorry lot indeed, and the number of vulnerable applications is staggering.

      Microsofts first crack at a GDI+ Detection Tool was designed to be run individually on a system-by-system basis, and it scans only for a static list of Microsoft applications. Scans report definite or possible vulnerabilities and point users to the Windows and Office Updates sites—without actually specifying which applications are vulnerable. The tool does not scan for libraries installed by third-party applications.

      Likewise, Microsofts Systems Management Server and its underlying MBSA (Microsoft Baseline Security Analyzer) Version 1.2.1 detection engine—while offering remote detection capabilities—still offer the bare minimum of information and only for Microsoft applications.

      Other GDI+ detection tools available on the Web, such as those from The SANS Institutes Internet Storm Center, are more robust in detecting and reporting all related GDI+ libraries located on a given drive, with relevant version and vulnerability status. Yet these tools are not scalable across hundreds or thousands of systems.

      The SANS GDI Scan tool is available with a graphical interface or in a command-line version that may be integrated into customized detection scripts, but combing through the resultant plethora of log files is time-consuming when attempting to scan hundreds or thousands of machines.

      On Oct. 12, Microsoft finally released an enterprise-ready detection tool; Microsoft Article ID KB 886988 introduced a command-line-based scanner that can be executed from log-in or startup scripts (support.microsoft.com/kb/886988).

      In preliminary tests, we found that the command-line scanner effectively identified missing patches for Microsoft applications. Administrators gain a bounty of resulting log files, but the tools real power comes from its ability to also deliver necessary patches.

      It took some effort to build a share with the proper folder structure that included all the necessary patches, but once that was done, we found that deployment worked without a hitch for operating system, Internet Explorer and Office patches alike. Unfortunately, this tool still does not address third-party applications.

      Third-party patching solutions such as PatchLink Corp.s PatchLink Update or BigFix Inc.s Enterprise Suite are better still at detecting Microsofts vulnerabilities. However, vulnerable third-party applications are more complicated to detect. Even if third-party applications install their own vulnerable libraries, they may or may not use the libraries to render images. Each application vendor should be contacted directly for relevant data.

      To find possibly vulnerable third-party applications, we recommend starting by using SANS GDI Scan on freshly imaged hosts. This will provide a base-line picture of which potentially vulnerable applications are regularly deployed and which vendors must be consulted for more data.

      Vulnerability scanners such as Qualys Inc.s QualysGuard are also somewhat effective at detecting vulnerable third-party applications deployed on active systems. Vulnerability scanner vendors regularly update detection signatures to reflect the latest known vulnerable third-party applications, so regular scanning with the latest signatures will continue to cull vulnerable implementations.

      /zimages/2/28571.gifClick here to read Labs reviews of three vulnerability assessment tools.

      Agents for various solutions can be effective for detecting GDI+ libraries on certain active systems. The PatchLink Update agent or InfoExpress Inc.s CyberGatekeeper LAN agent are examples of host-based agents that can be configured to seek out GDI+ libraries and report version information back to a central console.

      In addition, anti-virus solutions offer a measure of security against attacks. Anti-virus software vendors quickly generate heuristic rules to find exploited images created with early versions of exploit tool kits found on the Web. However, more-sophisticated future exploits will undoubtedly elude these heuristic detection engines, so these programs should not be used to avoid prompt patching.

      Next page: Pegging the JPEG vulnerability.

      Page Two

      Weve yet to see a scalable solution that detects the JPEG vulnerability for Microsoft and third-party applications alike. Below are suggestions for dealing with this vulnerability using tools that may already be on your network.

      • Use Microsofts new enterprise-ready detection tool (KB886988) to patch Windows operating system, Internet Explorer, .Net and Office implementations
      • Use in-depth GDI+ detection tools such as ISCs GDI Scan on fresh images of desktops and servers to get a base-line picture of third-party libraries installed throughout the network; contact third-party application vendors as needed to determine the extent of the vulnerability
      • Utilize vulnerability scanners to search active systems for vulnerable libraries as new signatures are released
      • Leverage distributed agents where possible Some patch management or security agents have the ability to find specific files and report version information to a central console
      • As always, keep anti-virus signatures up-to-date

      Technical Analyst Andrew Garcia can be reached at [email protected].

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

      Andrew Garcia
      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected].

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.