Patches for two newly discovered vulnerabilities in Microsoft products go a long way toward fixing the problem, but many users may still have work to do to ensure that their systems are completely safe, experts say.
The flaws, one of them critical, could allow an attacker to launch malicious code, change or delete data, or create accounts with administrative privileges.
Microsoft released the two patches Tuesday. MS04-028 fixes a "critical" buffer overrun vulnerability in the processing of .jpg image formats that could allow remote code execution on an affected system.
MS04-027 is rated "important" and affects various Microsoft Office products. The patch fixes a remote code execution vulnerability in the WordPerfect 5.x converter that is provided as part of the software.
Eric Schultze, chief security architect with Shavlik Technologies LLC, in Roseville, Minn., said he doesn't expect either of the flaws to ultimately cause mass pandemonium. But, he explained, cleaning up the problem with the way certain products read .jpg files could take years.
"There is a flaw in the way that things are displayed such that I can send you an evil picture," Schultze said. "The problem is that the particular flawed component ships in several third-party products."
Joe Burkley, director of patch development with PatchLink Corp. in Scottsdale, Ariz., added that while the automatic updates offered by Microsoft fix the .jpg flaw in its Windows operating system and Office products, several lesser known Microsoft applications may still be affected.
"There are still a number of Microsoft applications which will remain vulnerable, and [Microsoft] recommends doing a manual update [for those]", Burkley said.
WordPerfect converter fix
Experts said the flaw in Microsoft's WordPerfect converter coding is a much more straightforward fix. Patches for the problem cover Microsoft Office 2000, Windows XP and Office 2003.
Schultze pointed out that this is the second fix issued for the WordPerfect converter in recent memory. Last fall, Microsoft released a fix for a similar flaw that could lead to buffer overruns.
Schultze speculated that the latest vulnerability may have been initially exploited by hackers who started looking more closely at the WordPerfect converter after the earlier fix was released.
Regardless of how the vulnerability was discovered, Schultze added, it should serve as an important reminder.
"Don't open attachments or documents from people you don't know," Schulze said. "Secondly, apply the patch. That way if you do happen to open this document, it's not going to hack you."