Security vendors are racing to stay a step ahead of hackers, who can also see the published code. “The first PoC (proof-of-concept) released some days ago is already detected by some AV vendors,” said the Internet Storm Center, which added that software from Symantec, Trend Micro, Kaspersky and McAfee already detects the malformed JPEG headers. The ISC has also released software that will scan systems for the vulnerability, which could be lurking in non-Microsoft programs as well.
The challenge is not only updating software to defend against the JPEG flaw, but getting those updates onto vulnerable machines. Since the security hole affects the Microsoft Office suite and most versions of the Internet Explorer browser, an enormous number of computers will need to receive multiple updates from Microsoft and antivirus vendors.
The JPEG standard (short for Joint Photographic Experts Group) is one of the primary graphic formats used on web sites, along with GIF and PNG.