MS calls this trustworthy?
I ran updated MSBA 1.2.1 today (on a few different PCs to see if it was
just me) with no mention that I needed MS04-028.
OK. Fine! I'll check windowsupdate.microsoft.com
Now at least I get a critical update warning, great, I install
"Microsoft GDI+ Detection Tool (KB873374)".
But wait!
They only give you the option of running "Microsoft GDI+ Detection Tool
(KB873374)" to see if you are vulnerable ONCE! I can't find it in the
add-remove programs, program files, where did it go?
SO I ran it, it said I might be vulnerable, and then I expected it to
tell me what program I had that was vulnerable.
Not this program!
Instead it bumps you out to a different web site, telling me to run a
bunch of other update programs to see if I am vulnerable????
SO I think it might be Office2003, but I have Office 2003 SP1 installed,
so I should be OK? (Win2k Sp4, IE 5.5 SP2, all safe according to MS) No
updates needed besides the spam filter update for Outlook. Ok I install
the spam filter update.
SO, how do I re-run it now to check? I can't download it, I can't
uninstall it so Windows Update can detected it again?
Did I miss something here?
-Tom R
-----Original Message-----
From: Russ Cooper [mailto:Russ.Cooper@TRUSECURE.CA]
Sent: Wednesday, September 15, 2004 8:55 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: MinorRev: Microsoft Security Bulletin MS04-028 - Buffer Overrun
in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Microsoft Security Bulletin MS04-028:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
(833987)
Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx>
Reason for Revision: Affected and Non-Affected Software Sections
updated. Office XP Service Pack 2 is affected and this has been
clarified. The .NET Framework 1.1 SDK and MS Works (all versions) are
not affected and have been added to the Non Affected Software Section.
FAQ's have also been updated to provide additional information about
this issue.
Version Number: 1.1
Issued Date: Tuesday, September 14, 2004
Revision Date: Wednesday, September 15, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: If you have installed any of the affected programs or affected
components listed in this bulletin, you should install the required
security update for each of the affected programs or affected
components. This may require the installation of multiple security
updates. See the FAQ section of this bulletin for more information.
Tested Software:
Affected Software:
------------------
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
<http://tinyurl.com/4hp33>
* Microsoft Windows XP 64-Bit Edition Service Pack 1
<http://tinyurl.com/4zg68>
* Microsoft Windows XP 64-Bit Edition Version 2003
<http://tinyurl.com/6arva>
* Microsoft Windows Server(tm) 2003
<http://tinyurl.com/43too>
* Microsoft Windows Server 2003 64-Bit Edition
<http://tinyurl.com/6arva>
* Microsoft Office XP Service Pack 3
<http://tinyurl.com/64orn>
* Microsoft Office XP Service Pack 2 Microsoft Office XP Software:
- Outlook. 2002
- Word 2002
- Excel 2002
- PowerPoint. 2002
- FrontPage. 2002
- Publisher 2002
<http://tinyurl.com/5t8gq>
* Microsoft Office 2003 Microsoft Office 2003 Software:
- Outlook. 2003
- Word 2003
- Excel 2003
- PowerPoint. 2003
- FrontPage. 2003
- Publisher 2003
- InfoPath(tm) 2003
- OneNote(tm) 2003
<http://tinyurl.com/58zvm>
* Microsoft Project 2002 Service Pack 1 (all versions)
<http://tinyurl.com/7xuno>
* Microsoft Project 2003 (all versions)
<http://tinyurl.com/5ba7j>
* Microsoft Visio 2002 Service Pack 2 (all versions)
<http://tinyurl.com/67g3k>
* Microsoft Visio 2003 (all versions)
<http://tinyurl.com/4xhuy>
* Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2002
Software:
- Visual Basic .NET Standard 2002
- Visual C# .NET Standard 2002
- Visual C++ .NET Standard 2002
<http://tinyurl.com/5ptm3>
* Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2003
Software:
- Visual Basic .NET Standard 2003
- Visual C# .NET Standard 2003
- Visual C++ .NET Standard 2003
- Visual J# .NET Standard 2003
<http://tinyurl.com/4tnq2>
* The Microsoft .NET Framework version 1.0 SDK Service Pack 2
<http://tinyurl.com/6sxld>
* Microsoft Picture It!. 2002 (all versions)
<http://tinyurl.com/3q869>
* Microsoft Greetings 2002
<http://tinyurl.com/3q869>
* Microsoft Picture It! version 7.0 (all versions)
<http://tinyurl.com/3q869>
* Microsoft Digital Image Pro version 7.0
<http://tinyurl.com/3q869>
* Microsoft Picture It! version 9 (all versions, including Picture It!
Library)
<http://tinyurl.com/3q869>
* Microsoft Digital Image Pro version 9
<http://tinyurl.com/3q869>
* Microsoft Digital Image Suite version 9
<http://tinyurl.com/3q869>
* Microsoft Producer for Microsoft Office PowerPoint (all versions)
<http://tinyurl.com/lp5p>
* Microsoft Platform SDK Redistributable: GDI+
<http://tinyurl.com/5nn4t>
Affected Components:
--------------------
* Internet Explorer 6 Service Pack 1
<http://tinyurl.com/5zjvb>
* The Microsoft .NET Framework version 1.0 Service Pack 2
<http://tinyurl.com/6sxld>
* The Microsoft .NET Framework version 1.1
<http://tinyurl.com/6qcrt>
Technical Description:
----------------------
* JPEG Vulnerability - CAN-2004-0200: A buffer overrun vulnerability
exists in the processing of JPEG image formats that could allow remote
code execution on an affected system. Any program that processes JPEG
images on the affected systems could be vulnerable to this attack, and
any system that uses the affected programs or components could be
vulnerable to this attack. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
Revision History:
-----------------
* v1.0 - 9/14/2004: Bulletin published
* v1.1 - 9/15/2004: Affected and Non-Affected Software Sections updated.
Office XP Service Pack 2 is affected and this has been clarified. The
.NET Framework 1.1 SDK and MS Works (all versions) are not affected and
have been added to the Non Affected Software Section. FAQ's have also
been updated to provide additional information about this issue.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.1664.40858)
Cheers,
Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is
configured such that just hitting reply is going to result in the
message coming to the list, not to the individual who sent the message.
This was done to help reduce the number of Out of Office messages
posters received. So if you want to send a reply just to the poster,
you'll have to copy their email address out of the message and place it
in your TO: field
********************************************************************************
The information contained in this message is confidential, is intended only for
the recipient named above, and may be privileged and protected from disclosure.
If the reader of this message is not the intended recipient or is not
authorized to receive it for the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please notify
us immediately by replying to the sender and deleting it from your computer
system. This email message has been swept for the presence of computer
viruses. Thank you.
********************************************************************************
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such
that just hitting reply is going to result in the message coming to the list,
not to the individual who sent the message. This was done to help reduce the
number of Out of Office messages posters received. So if you want to send a
reply just to the poster, you'll have to copy their email address out of the
message and place it in your TO: field.
-----
