One of the standard security tactics enterprises apply won't work when defending PCs against threats posed by the image processing flaw found last week in Windows and numerous applications, security experts said Tuesday.
The JPEG bug in Windows XP and Windows Server 2003, as well as in a host of both Microsoft and non-Microsoft applications, can't be defended by blocking JPEG images at the gateway, said John Pescatore, vice president of Gartner's Internet security group.
"You can't simply block against this threat by file extension," said Pescatore, "since hackers could simply rename the file type and Windows would still process it as a JPEG. You'd pretty much have to block not only every image, but every file attachment to make this work. And you can't block everything."
The vulnerability's most likely avenue of exploit, experts said last week, is through delivering specially-crafted JPEG image files via e-mail. Users who open the attachments could put their computer at risk of hacker hijack.
Marcus Sachs of the Internet Storm Center seconded the motion. "If you decide to block JPEG attachments in e-mail, then you also need to consider blocking instant messaging, P2P, Web surfing, and 'allowed' attachments that could contain images, such as Microsoft Office applications," he wrote in an online advisory. "While it sounds like a easy quick-fix, blocking JPEG attachments is the wrong way to attack this problem. Save your energy for security battles that are more worthwhile."
