MS04-028 (833987): Microsoft issued on Sept. 14 a set of critical security patches for a flaw in numerous Microsoft products, including several versions of Windows, Office, and various digital-media-related products.
The flaw, identified in Microsoft security bulletin MS04-028, is deemed “critical.” Merely displaying an infected JPEG file (a common image file format on the Web) in Internet Explorer, a Microsoft Office application, or any other application that relies upon Microsoft technology, could silently give control of a PC to an attacker.
In just the few days since Microsoft released information about the flaw, at least one proof-of-concept exploit has been released on security lists on the Web. Security experts are warning that an actual “in the wild” exploit is probably now only a few days away. For this reason, we believe it is essential that all affected Windows users install the patch as soon as possible.
Aside from the severity of the flaw, two issues stand out.
First, the sheer number of affected Microsoft products is daunting. To help you eyeball the list, we’ve compiled an easy-to-read rogues’ gallery (easier to read, anyway, than what Microsoft has in its bulletin, in our opinion). This is shown below, with hyperlinks to information on each different patch that’s required to close the security hole.
Second, if you own more than one of the affected products, you’ll have to install multiple patches. No rest for Windows users.