Black Tuesday - September

September 14, 2004


Microsoft Security Bulletin MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) - Critical

This looks pretty bad.. there are a ton of applications that are affected. The attack vector is limited (somewhat); this can't be exploited remotely (like blaster), but the exploitation potential via email or webpage is great.

(edit: 9/22) There is proof of concept and exploit code circulating already, so be on the lookout for the next major virus.