Defusing the FUD

Microsoft Monitor is a weblog by Juniper research group. Today’s article attacks the FUD surrounding the JPEG vulnerability.
Good article all in all. The author praises Microsoft for limiting vulnerability by blocking the automatic display of images in Outlook 2003. This is good, but I do believe images included in the message itself (rather than just links to a website image) are displayed. Of course they have the chance to be scanned by SMTP antivirus.
Another important point of the article is to double-check your antivirus configuration. You really should be scanning all files. If you're scanning program files only, you need to add jpg and jpeg to that file extension list. There have also been reports that TIFF uses the same interpreter. You're really better off scanning all files. I think most companies have caught on to that.
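One way to check the extension-list point above, as an added example that is not from the post or the article it discusses: the script identifies JPEG and TIFF files by their leading bytes and reports the ones whose extension is absent from a scanner's include list. The function names, the sample files and the extension lists are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes that identify the two image formats named in the post.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "tiff": (b"II*\x00", b"MM\x00*"),
}

def sniff_image_type(path):
    """Return 'jpeg', 'tiff' or None based on the file's first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for kind, magics in SIGNATURES.items():
        if any(head.startswith(m) for m in magics):
            return kind
    return None

def unscanned_images(root, scan_extensions):
    """List (relative path, type) for images whose extension the scanner skips."""
    scan = {e.lower().lstrip(".") for e in scan_extensions}
    missed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower().lstrip(".")
            if ext in scan:
                continue  # the scanner already covers this file
            full = os.path.join(dirpath, name)
            try:
                kind = sniff_image_type(full)
            except OSError:
                continue  # unreadable file: nothing to classify
            if kind:
                missed.append((os.path.relpath(full, root), kind))
    return sorted(missed)

def build_sample_tree(root):
    """Write constructed sample files (headers only, no real image data)."""
    samples = {
        "setup.exe": b"MZ\x90\x00",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
        "scan.tiff": b"II*\x00" + b"\x00" * 8,
        "notes.txt": b"plain text",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Hypothetical "program files only" include list.
        print(unscanned_images(tmp, ["exe", "dll", "com"]))
```

An empty result means every JPEG and TIFF under the directory is covered by the list; scanning all files makes the list, and this check, unnecessary.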