Astaro Software Protects Networks From New Microsoft .jpg Vulnerability

BURLINGTON, Mass. September 29, 2004 Astaro (, announced that its popular Astaro Security Linux network security software protects against the recently discovered Microsoft .jpg vulnerability.

This .jpg vulerability potentially allows hackers to take control of target computers using .jpg graphics files. This is the first major vulnerability discovered involving graphics files of a type used on millions of web sites and exchanged between millions of users thanks to the common use of digital cameras.

According to Microsoft, “A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system”[A]n attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.”

This “critical” vulnerability affects Microsoft Windows?” operating systems, various versions of Microsoft Office products, including Exchange®, PowerPoint® and FrontPage®, development tools such as Microsoft Visio and Microsoft Visual Basic .NET, and a wide variety of software packages from other software companies.

Microsoft recommends applying updates to all computers with affected software, but notes that these systems may still be vulnerable because of weaknesses in software applications from other vendors.

Astaro Security Linux has been able to block affected .jpg files since September 18, only four days after the first Microsoft Security Bulletin detailing this threat. Astaro”s software stops the affected .jpg files at an organization”s Internet gateway, providing protection long before updates can be installed on all internal servers, desktop PCs, and laptops.

Astaro Security Linux can detect and block viruses in both email messages (SMTP and POP3 traffic) and web pages and file downloads (HTTP and FTP traffic), unlike many anti-virus products on the market that scan email but not web traffic.

Utilizing the global virus detection resources of Kaspersky Labs (, Astaro”s Virus Protection for Email and Virus Protection for Web subscription services update customer defenses within hours of the discovery of outbreaks of new viruses and worms.

For More Information on This Vulnerability

For more information on the Microsoft .jpg Vulnerability, see Microsoft Security Bulletin MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) at

About Astaro
Astaro develops Astaro Security Linux, a gateway security product that provides six critical security applications – firewall, VPN gateway, anti-virus, intrusion protection, spam filtering and content filtering – fully integrated on a single management platform. The company was founded in January 2000 and today is co-headquartered in Burlington, Mass. and Karlsruhe, Germany. Astaro’s software has won numerous industry awards, and is deployed on over 20,000 networks in 60 countries, including such companies as Blue Cross/Blue Shield, Los Alamos National Labs, Stanford University and Watsco, Inc. Astaro Security Linux is distributed by a worldwide network of 350 solutions partners who offer local support and services.

Don't miss