JPEG Vulnerability

aps,

Found this over at WindowsITpro ( http://www.winnetmag.com/ )concening JPEG vulnerability..

"MS04-028, which Microsoft deems critical, addresses problems with JPEG Graphics Development Interface Plus (GDI+). If after reading the bulletin, you're uncertain whether any of your systems have an application that uses GDI+, you can download a GDI Detection Tool from Microsoft that will help you determine which of your systems might be affected. Read more about the tool in the Microsoft article "Description of the Microsoft GDI+ Detection Tool: September 14, 2004" [http://support.microsoft.com/?kbid=873374]."

It's confusing to me too, but I think if you have SP2 installed you're ok...a section of the bulletin seems to indicate this, but it is confusing....

WildOne 

Message Edited by WildOne46 on 09-28-2004 10:22 AM

Still do not understand whether I need these updates and I just re-read all the information. So if anyone has studied this JPEG Vulnerabilty please join this discussion.

Hi aps

I was curious after reading your post so i went to control panel/security center, and had it check for updates and it brought up 2, one for .net framework 1.1 and one for the JPEG Vulnerability toghther they were 10.4mb and i am running SP 2. Just food for thought.

You don't need the fix if you have SP2. http://msn.com.com/2100-1009_22-5385995.html?part=msn&subj=ns_2543&tag=mymsn

MaryG, Thanks for your answer and the site to confirm this question.

"Windows' Graphic Device Interface Plus (GDI+) software contains a JPEG-processing vulnerability that affects dozens of Microsoft products, including the Office suite. Windows XP and Windows Server versions are vulnerable unless a Microsoft patch has been installed in the last few weeks or, in the case of XP, if the systems have been upgraded to Service Pack 2."

The JPEG Vulnerability did show on the windows update site last week and I did install it but if it did anything I cannot tell.After several days of searching you have been the first to give a definite answer. I have SP2 so therefore I will cross this off my list of things to research.  Thanks.

This may provide some additonal information.

I have SP2 and I also found this update listed as critical after installing SP2.

I was also confused so I downloaded it. I was given the chance to run the detector immediately which I did but nothing was found.

I now can't find the detector to run it again!

I then assumed that it was part of SP2 and therefore somehow irrelevant and not available anymore.

Unfortunately, the MS tool only looks at MS products for vulnerable versions of gdiplus.dll. This MS file is bundled with quite a few third party programs. To check these there is another tool available, called gdiscan that you can download from:

http://isc.sans.org/gdiscan.php

Advice on use and what to do from:

http://www.bleepingcomputer.com/forums/topict3077.html

I found vulnerable versions in HP print screen utility (came bundled with my HP deskjet printer) and in Sonic MyDVD v 5. In both cases I replaced the versions of gdiplus.dll in those app folders by one from SP2: v 5.1.3102.2180 that I found in a folder

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82

 that got put there during install of SP2 (using the full SP2 update file

WindowsXP-KB835935-SP2-ENU.exe)

Both apps function normally with this updated version as far as I've tested them.

The SP2 update file is a self extracting zipped file, if you open it with Winzip or similar, that version of gdiplus is in that package and you can extract it from there.

Also a discussion of the threat in

http://forums.net-integration.net/index.php?s=ef88fc55ae22451b2f9cf6819ad53d4b&showtopic=22839

 

 

Message Edited by JRosenfeld on 09-29-2004 07:16 PM

JR...

I was going to manually exchange the Gdiplus.dll files of some HP printer software like you did, but changed my mind after reading this part of the JPEG bulletin. Thought I would just bring it to your attention.

Microsoft Security Bulletin MS04-028

http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

scroll down to...

"Frequently asked questions (FAQ) related to this security update"

then look under...

"If I use third-party applications that distribute the gdiplus.dll file, could I still be vulnerable even after I have installed all required Microsoft security updates?"

then scroll down to this paragraph...

"It is also important to note that you should install any available security updates instead of manually updating the affected component, if possible. Manually updating the affected component could create application compatibility issues and is not supported. Also, applications that feature ‘Detect and Repair’ functionality will not receive the necessary information required to prevent these features from potentially introducing the vulnerability upon execution if the affected component is manually updated."

Chast,

Yes, thank you, I was aware of that. However neither the HP printscreen utility and Sonic MyDVD v 4.5 had updates to cover this vulnerability (nor are they likely to). Neither app has a detect and repair function.

So I first copied their (vulnerable) versions of gdiplus to a temp folder, updated the gdiplus in each app and tested the app. They both worked OK with the updated gdiplus.

I hardly ever use either program anyway.

Yes, you have to update any Microsoft software that has the jpg flaw. It is not enough to just patch Win XP. If you use other Microsoft products such as Picture It or Office XP, then you have to get different patches for each product. From Windows Update there is a tool you can run to see if you have vulnerable software on your computer and if so, it will tell you how to patch them.