New JPEG security outbreak

[skywalker66]

Okay, i dont know if a thread about this has been created before, but I'm just curious about a few things:

How are people affected if they have Office installed, but can't apply the patch (because they dont have the CD on them)? If they refrain from opening up suspicious documents with JPEGs should they be okay?

And also this doesnt affect computers with 98 or ME on them, does it?

 

[Bucksnort]

You can order the office sp3 cd from microsoft. It somes with 2 versions, client for those that have a cd and full which is for those without a cd. I tired the full patch file just to see and it never prompted me for my cd. Go to office updates site and you should see the link to order free office sp cd down towards the bottom.
Order free office sp cd's

 

[spyordie007]

And also this doesnt affect computers with 98 or ME on them, does it?

The OS itself is not, however if they contain software that is affected (i.e. Office XP) than the answer is yes.

How are people affected if they have Office installed, but can't apply the patch (because they dont have the CD on them)? If they refrain from opening up suspicious documents with JPEGs should they be okay?

That doesnt save them from recieving an email with an embeded JPEG or opening a word doc that has a JPEG in it.

If you're a home user than you should have the CDs to run the update (not that many home users use Office). If you're a office/corporate worker than you should be following good security practices in the first place, if you are than it will totally mitigate the threat:
1. Dont run with admin privilages. Even if you get a malicious JPEG if you dont have rights to run its code than it cant do much.
2. Have up-to-date virus protection (most AV vendors already protect against "infected" image files).

But yes like Bucksnort said, get the updates.