BURLINGTON, Mass. â September 29, 2004 â Astaro (www.astaro.com), announced that its popular Astaro Security Linux network security software protects against the recently discovered Microsoft.jpg vulnerability.
This.jpg vulerability potentially allows hackers to take control of target computers using.jpg graphics files. This is the first major vulnerability discovered involving graphics files of a type used on millions of web sites and exchanged between millions of users thanks to the common use of digital cameras.
According to Microsoft, âA buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected systemâ¦[A]n attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.â
This âcriticalâ vulnerability affects Microsoft WindowsÃ operating systems, various versions of Microsoft Office products, including ExchangeÂ®, PowerPointÂ® and FrontPageÂ®, development tools such as Microsoft Visio and Microsoft Visual Basic.NET, and a wide variety of software packages from other software companies.
Microsoft recommends applying updates to all computers with affected software, but notes that these systems may still be vulnerable because of weaknesses in software applications from other vendors.
Astaro Security Linux has been able to block affected.jpg files since September 18, only four days after the first Microsoft Security Bulletin detailing this threat. Astaroâs software stops the affected.jpg files at an organizationâs Internet gateway, providing protection long before updates can be installed on all internal servers, desktop PCs, and laptops.
Astaro Security Linux can detect and block viruses in both email messages (SMTP and POP3 traffic) and web pages and file downloads (HTTP and FTP traffic), unlike many anti-virus products on the market that scan email but not web traffic.
Utilizing the global virus detection resources of Kaspersky Labs (www.kaspersky.com), Astaroâs Virus Protection for Email and Virus Protection for Web subscription services update customer defenses within hours of the discovery of outbreaks of new viruses and worms.
For More Information on This Vulnerability
For more information on the Microsoft.jpg Vulnerability, see Microsoft Security Bulletin MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) at http://www.microsoft.com/technet/security/bulletin /MS04-028.mspx
Astaro develops Astaro Security Linux, a gateway security product that provides six critical security applications - firewall, VPN gateway, anti-virus, intrusion protection, spam filtering and content filtering - fully integrated on a single management platform. The company was founded in January 2000 and today is co-headquartered in Burlington, Mass. and Karlsruhe, Germany. Astaro's software has won numerous industry awards, and is deployed on over 20,000 networks in 60 countries, including such companies as Blue Cross/Blue Shield, Los Alamos National Labs, Stanford University and Watsco, Inc. Astaro Security Linux is distributed by a worldwide network of 350 solutions partners who offer local support and services. http://www.astaro.com
# # #
All trademarks are owned by their respective companies.
U.S. Press Contacts:
Victor Cruz, Astaro
+1 508 785 1590