Microsoft GDI+ Detection Tool

What exactly is GDI+ and Microsoft GDI+ Detection Tool?

Hi:

Don't know if this is correct, but to share with you.

Minutes ago when I was reading email newsletters as part of daily routine, I
noticed one of them says, JPEG files are no longer safe for viewing and....,
and that MS released a patch for a flaw in the way their products process
JPEG files, and so on and so on.

So I ran Windows Update to see what has been released and have seen this
update, which when I read it is very confusing.

In any case, I ran it and it asked me to also run Office Update, which I did
and I found two new updates for my Office 2003 (but did not seem related to
the JPEG for what I can see). I just completed the installation for this
notebook.

In any case, I guess it has something to do with JPEG files and which is
being processed by various products.

Again, I am not sure if I am right or not, just for your information.


Hope this will help.

--
Business executive who believes technology but don't want to be messed
around.


"Johnny Lingo" wrote in message
news:Sl62d.51959$MQ5.26428@attbi_s52...
What exactly is GDI+ and Microsoft GDI+ Detection Tool?

OP and xfile:
Some notes from various sources:


Windows Update has the tool as a critical update

URL to dnload the tool separately:
http://www.microsoft.com/downloads/d...displaylang=en

MS Security Bulletin:
http://www.microsoft.com/technet/sec.../MS04-028.mspx

NG post:
"Yeah, there are three vulnerable DLLs that are mentioned in the security
bulletin
GDIPLUS.DLL prior to version 5.1.3102.1355
MSO.DLL prior to version 10.0.6714.0
VGX.DLL prior to version 6.0.2800.1411

GDIPLUS.DLL is a general redistributable file that can be installed by many
different applications
MSO.DLL is a Microsoft Office DLL
VGX.DLL is an IE DLL"

NG post:
"Vulnerable items:
(must resolve separately)
Some MS op systems
and Some apps (MS and others)"

From MS sources:
Windows XP, Window XP Service Pack 1, and Windows Server 2003 are the only
operating systems that contain the vulnerable component by default.
Windows XP Service Pack 2 [op system] is not affected by this vulnerability
[must still check apps].
By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and
Windows 2000 do not. However, the vulnerable component will be installed by
any of the programs listed in the affected software section of this bulletin
on these operating systems and you should install the appropriate security
update for those programs.
If a user is logged on with administrator privileges, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. Users whose
accounts are configured to have fewer privileges on the system would be at
less risk than users who operate with administrative privileges.

What does the GDI+ Detection tool do?
The GDI+ Detection tool scans your system for non-operating system products
that are known to contain the vulnerable component. It then directs
consumers to the appropriate locations for downloading an update to address
the vulnerability.
Will the GDI+ Detection tool tell me if my system is at risk from this
vulnerability?
No. The tool is only designed to scan the system and detect for certain
installed products that are known to contain the vulnerable component. The
tool is not able to determine if these products have already been updated to
use a secure version of the affected component.

Non-Affected [MS] Software
. Microsoft Windows NT Server 4.0 Service Pack 6a
. Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
. Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service
Pack 4
. Microsoft Windows XP Service Pack 2
. Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)
. Microsoft Office 2003 Service Pack 1
. Microsoft Office 2000
. Microsoft Visio 2003 Service Pack 1
. Microsoft Visio 2000
. Microsoft Project 2003 Service Pack 1
. Microsoft Project 2000
. Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture
It! Premium 10

Affected [MS] Softwa
.. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download
the update
. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
. Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
. Microsoft Windows ServerT 2003 - Download the update
. Microsoft Windows Server 2003 64-Bit Edition - Download the update

.. Microsoft Office XP Service Pack 3 - Download the update
Microsoft Office XP Service Pack 3 Softwa
.. Outlook® 2002
.. Word 2002
.. Excel 2002
.. PowerPoint® 2002
.. FrontPage® 2002
.. Publisher 2002

.. Microsoft Office 2003 - Download the update
Microsoft Office 2003 Softwa
.. Outlook® 2003
.. Word 2003
.. Excel 2003
.. PowerPoint® 2003
.. FrontPage® 2003
.. Publisher 2003
.. InfoPathT 2003
.. OneNoteT 2003

.. Microsoft Project 2002 Service Pack 1 (all versions) - Download the update
. Microsoft Project 2003 (all versions) - Download the update

. Microsoft Visio 2002 Service Pack 2 (all versions) - Download the update
. Microsoft Visio 2003 (all versions) - Download the update
. Microsoft Visual Studio .NET 2002 - Download the update

Microsoft Visual Studio .NET 2002 Softwa
.. Visual Basic .NET Standard 2002
.. Visual C# .NET Standard 2002
. Visual C++ .NET Standard 2002


.. Microsoft Visual Studio .NET 2003 - Download the update
Microsoft Visual Studio .NET 2003 Softwa
.. Visual Basic .NET Standard 2003
.. Visual C# .NET Standard 2003
.. Visual C++ .NET Standard 2003
.. Visual J# .NET Standard 2003


.. The Microsoft .NET Framework version 1.0 SDK Service Pack 2 - Download the
update
. Microsoft Picture It!® 2002 (all versions) - Download the update
. Microsoft Greetings 2002 - Download the update
. Microsoft Picture It! version 7.0 (all versions) - Download the update
. Microsoft Digital Image Pro version 7.0 - Download the update
. Microsoft Picture It! version 9 (all versions, including Picture It!
Library) - Download the update
. Microsoft Digital Image Pro version 9 - Download the update
. Microsoft Digital Image Suite version 9 - Download the update
. Microsoft Producer for Microsoft Office PowerPoint (all versions) -
Download the update
. Microsoft Platform SDK Redistributable: GDI+ - Download the update

It just seems to me to be Microsoft spyware.


"CZ" wrote in message
...
OP and xfile:
Some notes from various sources:


Windows Update has the tool as a critical update

URL to dnload the tool separately:
http://www.microsoft.com/downloads/d...displaylang=en

MS Security Bulletin:
http://www.microsoft.com/technet/sec.../MS04-028.mspx

NG post:
"Yeah, there are three vulnerable DLLs that are mentioned in the security
bulletin
GDIPLUS.DLL prior to version 5.1.3102.1355
MSO.DLL prior to version 10.0.6714.0
VGX.DLL prior to version 6.0.2800.1411

GDIPLUS.DLL is a general redistributable file that can be installed by
many different applications
MSO.DLL is a Microsoft Office DLL
VGX.DLL is an IE DLL"

NG post:
"Vulnerable items:
(must resolve separately)
Some MS op systems
and Some apps (MS and others)"

From MS sources:
Windows XP, Window XP Service Pack 1, and Windows Server 2003 are the only
operating systems that contain the vulnerable component by default.
Windows XP Service Pack 2 [op system] is not affected by this
vulnerability [must still check apps].
By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and
Windows 2000 do not. However, the vulnerable component will be installed
by any of the programs listed in the affected software section of this
bulletin on these operating systems and you should install the appropriate
security update for those programs.
If a user is logged on with administrator privileges, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. Users whose
accounts are configured to have fewer privileges on the system would be at
less risk than users who operate with administrative privileges.

What does the GDI+ Detection tool do?
The GDI+ Detection tool scans your system for non-operating system
products that are known to contain the vulnerable component. It then
directs consumers to the appropriate locations for downloading an update
to address the vulnerability.
Will the GDI+ Detection tool tell me if my system is at risk from this
vulnerability?
No. The tool is only designed to scan the system and detect for certain
installed products that are known to contain the vulnerable component. The
tool is not able to determine if these products have already been updated
to use a secure version of the affected component.

Non-Affected [MS] Software
. Microsoft Windows NT Server 4.0 Service Pack 6a
. Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
. Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service
Pack 4
. Microsoft Windows XP Service Pack 2
. Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)
. Microsoft Office 2003 Service Pack 1
. Microsoft Office 2000
. Microsoft Visio 2003 Service Pack 1
. Microsoft Visio 2000
. Microsoft Project 2003 Service Pack 1
. Microsoft Project 2000
. Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10,
Picture It! Premium 10

Affected [MS] Softwa
. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download
the update
. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
. Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
. Microsoft Windows ServerT 2003 - Download the update
. Microsoft Windows Server 2003 64-Bit Edition - Download the update

. Microsoft Office XP Service Pack 3 - Download the update
Microsoft Office XP Service Pack 3 Softwa
. Outlook® 2002
. Word 2002
. Excel 2002
. PowerPoint® 2002
. FrontPage® 2002
. Publisher 2002

. Microsoft Office 2003 - Download the update
Microsoft Office 2003 Softwa
. Outlook® 2003
. Word 2003
. Excel 2003
. PowerPoint® 2003
. FrontPage® 2003
. Publisher 2003
. InfoPathT 2003
. OneNoteT 2003

. Microsoft Project 2002 Service Pack 1 (all versions) - Download the
update
. Microsoft Project 2003 (all versions) - Download the update

. Microsoft Visio 2002 Service Pack 2 (all versions) - Download the update
. Microsoft Visio 2003 (all versions) - Download the update
. Microsoft Visual Studio .NET 2002 - Download the update

Microsoft Visual Studio .NET 2002 Softwa
. Visual Basic .NET Standard 2002
. Visual C# .NET Standard 2002
. Visual C++ .NET Standard 2002


. Microsoft Visual Studio .NET 2003 - Download the update
Microsoft Visual Studio .NET 2003 Softwa
. Visual Basic .NET Standard 2003
. Visual C# .NET Standard 2003
. Visual C++ .NET Standard 2003
. Visual J# .NET Standard 2003


. The Microsoft .NET Framework version 1.0 SDK Service Pack 2 - Download
the update
. Microsoft Picture It!® 2002 (all versions) - Download the update
. Microsoft Greetings 2002 - Download the update
. Microsoft Picture It! version 7.0 (all versions) - Download the update
. Microsoft Digital Image Pro version 7.0 - Download the update
. Microsoft Picture It! version 9 (all versions, including Picture It!
Library) - Download the update
. Microsoft Digital Image Pro version 9 - Download the update
. Microsoft Digital Image Suite version 9 - Download the update
. Microsoft Producer for Microsoft Office PowerPoint (all versions) -
Download the update
. Microsoft Platform SDK Redistributable: GDI+ - Download the update