Monday, September 27, 2004

Over the past few days, you might have seen several news articles about a problem with Microsoft and the way it handles JPG files - namely, that a maliciously-coded JPG could be designed that would infect a computer as soon as it was opened. There is more information on this vulnerability here at the Internet Storm Center and here at Microsoft.

Here is the official Microsoft page to check your system for problems with this vulnerability.

However, the MS tool (above) only goes halfway in finding the problem DLLs - it only checks for a very limited number of applications and does not find all applications that use the outdated DLL file. To locate all of the files, you have to use a separate file. After you find them all, you need to replace them with the new version of the DLL, which Microsoft helpfully hid in the following site : Download details: Platform SDK Redistributable: GDI .

It is important that you apply all of the critical patches from the microsoft update website, as well as all of the Office patches!

After you have done that, run the GDI scanner program from the ISC, and replace the vulnerable dll files with the new one found in that MS distributable pack. Running the EXE from the dist pack will only extract the file you need (gdiplus.dll) into a temp folder - you may want to change the folder it places the files in - put them somewhere you can find them! The default folder is rather hard to find, deep in the file structure of the system. Silly Microsoft.

Oh yeah, before you copy the new file into the folder where the old file is located, rename the old file, just in case.

In other news, Microsoft has said that it will not be updating Microsoft Internet Explorer under Windows 2000 and other systems to have all of the security patches that the version in Windows XP will have. Microsoft denies that it is using the threat of viruses and vulnerabilities in it's older products to spur greater sales of Windows XP.