how to re-scan for GDI+ (jpeg) vulnerability?

I used windows update to download the GDI+ (jpeg) vulnerability scanner. It
said no vulnerable software was found.

So if I install a bunch of software (e.g. office), how do I re-run the
scanner?

peter wrote:

> I used windows update to download the GDI+ (jpeg) vulnerability
> scanner. It said no vulnerable software was found.
>
> So if I install a bunch of software (e.g. office), how do I
> re-run the scanner?
Hi

You can download and run the tool yourself if you want to. More here:

Description of the Microsoft GDI+ Detection Tool
http://support.microsoft.com/default...b;en-us;873374

Microsoft GDI+ Detection Tool
http://www.microsoft.com/downloads/d...displaylang=en


For available GDI+ updates, take a look here:

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/sec.../MS04-028.mspx


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx

I downloaded the gdi detection tool as suggested. It merely tells me I have
vulnerable components and forwarded me to this web page:
http://www.microsoft.com/security/bu...jpeg_tool.mspx

Once there,
I tried: windows update -- didn't do anything because I already have the
update.
Then tried office update: nothing to update.
Then clicked on the button "check for affected imaging software" and was
told the tool is for win2k or earlier, and that I'm supposed to go to
windows update.
Seems like I'm stuck in an infinite loop.

The only solution that's obvious to me is to to download the patches one by
one. Isn't there an easier way??

-peter

"Torgeir Bakken (MVP)" <Torgeir.Bakken-> wrote in message
news:...
> Description of the Microsoft GDI+ Detection Tool
> http://support.microsoft.com/default...b;en-us;873374
>
> Microsoft GDI+ Detection Tool
>
http://www.microsoft.com/downloads/d...displaylang=en
>
>
> For available GDI+ updates, take a look here:
>
> Microsoft Security Bulletin MS04-028
> Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
(833987)
> http://www.microsoft.com/technet/sec.../MS04-028.mspx

peter wrote:

> I downloaded the gdi detection tool as suggested. It merely tells me I have
> vulnerable components and forwarded me to this web page:
> http://www.microsoft.com/security/bu...jpeg_tool.mspx
>
> Once there,
> I tried: windows update -- didn't do anything because I already have the
> update.
> Then tried office update: nothing to update.
> Then clicked on the button "check for affected imaging software" and was
> told the tool is for win2k or earlier, and that I'm supposed to go to
> windows update.
> Seems like I'm stuck in an infinite loop.
>
> The only solution that's obvious to me is to to download the patches one by
> one. Isn't there an easier way??
Hi

I'm afraid not.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx