
Microsoft Critical GDI+ Vulnerability Information

The GDI+ vulnerability has the potential to cause significant damage on Microsoft Windows XP computers through two routes: viewing HTML email in a preview window with images not blocked, and viewing JPEG attachments. Either could result in malicious code execution, and there are known exploits in the wild. CNS recommends the following:

Install the XP operating system patch immediately.

A single patch is available here.

Important:

  • You can also go to the Windows Update site, but be mindful that the Express option will direct you to install XP Service Pack 2. Service Pack 2 is a recommended upgrade, but contact your IT support staff before installing it. To select only the operating system patch, you must navigate through the Custom option.

  • The installation of this patch is of critical importance and will remove the vulnerability from Internet Explorer and Outlook Express. You must also run Microsoft Office Update to eliminate the vulnerability in Outlook and the other applications - see below for further instructions.

 

Further Details

Microsoft recently released a security bulletin for a critical vulnerability in the code that is used to process JPEG images. This vulnerable code is present in:

  • Microsoft operating systems
  • Microsoft applications including Office
  • third party applications that involve the use of graphics

Microsoft has released updates for its products and the installation of these updates is described here. The following FAQ provides more information not included in the Microsoft GDI tool page.

  1. Do I just need to go to Windows Update to get fixed?

    No, you should also go to the Office Update site where your system will be checked for necessary updates. Note that to apply these updates, you may be asked to provide the application CD. For example, the Visio update install may prompt you for the Visio CD.

  2. What's the GDI+ tool for?

    Microsoft has provided a utility which will search your computer for Microsoft applications which are listed as being vulnerable. The tool will simply inform you that your computer does or does not have one of those applications and direct you to go to Windows Update and Office Update. It provides no information as to the status of the vulnerability of any application. Use the tool described below to get better information.

  3. What about non-Microsoft applications?

    You will need to check the support website of the application's vendor for update information.

  4. Does anti-virus detect affected JPEG images?

    Yes. Anti-virus is very effective in quarantining these images. Ensure that your anti-virus is up to date.

 

SANS GDI Scan Tool

SANS has made available a convenient tool to scan your computer (Windows 2000 and up) for vulnerable GDI code. See here for more information. You can run it below.

Run GDI scan tool.

Notes:

  • The tool will highlight all vulnerable versions present on the drive that contains the Windows 'System' directory. Ignore files in directories like Windows\$NtUninstallKBxxxxx\. These are old versions left behind for uninstall purposes. If you find a vulnerable file for a Microsoft product, you should be able to find an update for it here.
  • If the tool reports a vulnerable file in a non-Microsoft application, check the support site for that application to see what the manufacturer recommends. The list below provides links to application/vendor documentation on this issue. (Please feel free to email more application links for this list.)
    • Corporate Time/Oracle Calendar (does not use vulnerable code)
    • Macromedia (Dreamweaver, etc)
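
The review described in the notes above can also be scripted for machines where running the scan tool by hand is impractical. The following PowerShell is an added example, not part of the original page and not the SANS tool. It assumes the GDI+ library file is named gdiplus.dll, and it takes the minimum fixed version as a parameter because this page does not state one (take it from the vendor bulletin for your product).

```powershell
# Added example: inventory GDI+ library copies on the system drive.
# Assumptions: the library file is gdiplus.dll; -MinimumFixedVersion is supplied
# by the operator from the vendor bulletin (no version number appears on this page).
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumFixedVersion,

    # Drive that holds the Windows 'System' directory, as in the notes above.
    [string]$Root = "$env:SystemDrive\"
)

$results = Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
    # Skip uninstall backups such as Windows\$NtUninstallKBxxxxx\ (old copies kept for rollback).
    Where-Object { $_.FullName -notmatch '\\\$NtUninstall[^\\]*\\' } |
    ForEach-Object {
        $vi = $_.VersionInfo

        # Build a comparable version from the numeric parts; the FileVersion string
        # can carry extra text. A file with no version resource yields 0.0.0.0
        # and is therefore reported as below the minimum.
        $ver = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

        $isMicrosoft = $vi.CompanyName -like 'Microsoft*'

        [pscustomobject]@{
            Path     = $_.FullName
            Version  = $ver
            Vendor   = $vi.CompanyName
            Status   = if ($ver -lt $MinimumFixedVersion) { 'BELOW MINIMUM' } else { 'OK' }
            # Mirrors the guidance above: Microsoft files are fixed through the
            # update sites, everything else through the application's vendor.
            NextStep = if ($isMicrosoft) { 'Windows Update / Office Update' }
                       else { 'Check the application vendor support site' }
        }
    }

$results | Sort-Object Status, Path | Format-Table -AutoSize -Wrap
```

Run it from an administrative prompt so that protected directories are readable; copies shipped inside third-party application folders appear with their own vendor name in the Vendor column.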


©2011 - University of Toronto Information + Technology Services. All Rights Reserved.