GDI exploit still on after WU

 
 
rr
10-29-2004
I have a Windows 2003 server with all current patches from WU (Office is not
installed).

WU comes up cleanly and says all patches installed and is current.

However when I do a GDI scan using the SANS tool it reports my 1.1 SP1 .Net
framework gdiplus.dll is vulnerable.

Does WU not check on vulnerable security files?

thanks
rr


 
Mike D
10-29-2004
Search the MS Knowledge Base for the GDI patch and reinstall it and it will help you
with this.
MikeD
 
Torgeir Bakken (MVP)
10-30-2004
rr wrote:

> I have a Windows 2003 server with all current patches from WU
> (Office is not installed)
>
> WU comes up cleanly and says all patches installed and is current.
>
> However when I do a GDI scan using the SANS tool it reports my
> 1.1 SP1 .Net framework gdiplus.dll is vulnerable.
>
> Does WU not check on vulnerable security files?

Hi

1)
Where exactly is the file placed, and what version number does it have?


2)
What is the version number on this file:

%windir%\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

(%windir% is typically C:\Windows)



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx
 
rr
11-02-2004
Thanks for the replies.

The vulnerable file is
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\gdiplus.dll it is version
5.1.3101.0.

Mscorlib.dll is version 1.1.4322.2032

I did a reinstall and it's still there.

I am thinking of just replacing the gdiplus with the redistributable
version.
However this would only fix this machine and I have a few others that show
this as well.
Besides I'd like to find out why WU is missing this and if it's a problem to
get it fixed.

thanks
rr
 
Torgeir Bakken (MVP)
11-02-2004
rr wrote:

> Thanks for the replies.
>
> The vulnerable file is
> C:\WINNT\Microsoft.NET\Framework\v1.1.4322\gdiplus.dll it is version
> 5.1.3101.0.


My Win2k3 Server installation does not have a gdiplus.dll file in that
folder. I suspect some other application has put that file there, and
that is why it is not updated by Windows Update.


> Mscorlib.dll is version 1.1.4322.2032


That means that you have SP1 of .Net Framework 1.1 installed (latest
version currently available).


> I did a reinstall and it's still there.
>
> I am thinking of just replacing the gdiplus with the redistributable
> version.


Yes, that is what I would have done as well...


> However this would only fix this machine and I have a few others that show
> this as well.
> Besides I'd like to find out why WU is missing this and if it's a problem to
> get it fixed.


See my earlier reasoning in this post.



rr
11-03-2004
Thanks Torgeir for verifying this. If other apps put vulnerable GDI files
in there it will make it tougher to find. I'll just update the DLL on the
servers and rerun the gdiscan tool.

Thanks for your help
rr
Reply With Quote
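
The case in this thread, a private gdiplus.dll copy sitting in a folder that Windows Update does not report on, can be found with a file inventory. The following PowerShell is an added example and not part of any post above: `Find-GdiPlusCopies` and its parameters are hypothetical names, and the minimum patched version is an input you take from the vendor bulletin, since the thread does not state it.

```powershell
# Added example: list every gdiplus.dll under the given roots and compare each
# copy's file version with a minimum taken from the vendor security bulletin.
# Find-GdiPlusCopies, -Root and -MinimumVersion are hypothetical names.
function Find-GdiPlusCopies {
    param(
        # Folders or drives to search; defaults to the system drive.
        [string[]]$Root = @("$env:SystemDrive\"),

        # Lowest version accepted as patched. The thread does not give this
        # number, so it is mandatory and must come from the bulletin.
        [Parameter(Mandatory = $true)]
        [version]$MinimumVersion
    )

    Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $info = $_.VersionInfo

            # Use the numeric fields of the version resource. The FileVersion
            # string may carry a build label and does not always parse.
            # A file with no version resource yields 0.0.0.0 and is flagged.
            $ver = [version]::new(
                $info.FileMajorPart, $info.FileMinorPart,
                $info.FileBuildPart, $info.FilePrivatePart)

            [pscustomobject]@{
                Directory   = $_.DirectoryName   # shows which product owns the copy
                FileVersion = $ver
                Company     = $info.CompanyName
                Modified    = $_.LastWriteTime
                BelowMin    = ($ver -lt $MinimumVersion)
            }
        }
}

# Usage. '0.0.0.0' is a placeholder, not a real threshold; replace it with the
# patched version from the bulletin before relying on the BelowMin column.
# Find-GdiPlusCopies -Root 'C:\' -MinimumVersion '0.0.0.0' |
#     Sort-Object BelowMin -Descending |
#     Format-Table -AutoSize
```

Each row is one copy on disk, so a copy in an application or framework folder shows up beside the operating system's own copy with its own version.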
 
 
 