As I understand it, the Microsoft JPEG vulnerability is exploited by a simple and detectable malforming of a JPEG file. The two bytes that specify the length of the comment field, must be value 2 (which is the size of the field when only these bytes are present) or more (depending on the size of the comment). If set to the illegal values of 0 or 1, then Microsoft JPEG processing malfunctions in a way that can give a hacker control of the computer. Microsoft's fix is to replace its flawed processing files with corrected versions. But this is not foolproof since the old versions may get reinstalled later, perhaps by some program the user installs. Some Microsoft programs make the situation worse with the 'feature' of ignoring extensions and processing misnamed JPEGS, offering hackers a way to hide the exploit. These image files are dangerous. It would be best to detect and exclude them. It seems simple to examine the value of the comment field variable in JPEGS. If the value is 0 or 1 then the JPEG is suspect. If 2 or more, fine. Further, all graphic files should be checked to see if they are really misnamed JPEGs. These corrupt image files are dangerous to have in a computer, even if it is currently patched. If the old JPEG software gets reinstalled, then the dormant files could act. This isn't a virus problem, true. But it is a unique and serious security issue. Does NOD32 detect malfomed JPEGs? If so, great! If not, why not?