| Security News / Warnings / Updates Discussion about current Security and Privacy News from around the World including the latest threats and solutions. |
September 15th, 2004, 04:08 PM
|
 |
Site Moderator
|
|
Join Date: Apr 2000
Location: Friern Barnet, London, England (51°37'01"N, 0°9'53"W)
Posts: 38,846
|
|
|
Security vulnerability in Jpegs
__________________
|
September 15th, 2004, 08:51 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Elma,Wa.
Posts: 41,784
|
|
|
I have sp2 installed and got the update. Even though those links I read said it was not needed.
__________________
SMILE
and post back. Let us know if it worked.
[ Book mark this post to find it again]
|
September 15th, 2004, 09:07 PM
|
 |
Aka: Nix*, NNiixx, Nix23
|
|
Join Date: May 2001
Location: Sydney, Australia
Posts: 8,255
|
|
|
|
September 15th, 2004, 09:08 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Friern Barnet, London, England (51°37'01"N, 0°9'53"W)
Posts: 38,846
|
|
The Windows Hotfix for this does not take the usual form, it is in two parts. The second part takes you to a webpage that downloads an ActiveX control that checks other vulnerable apps. I discovered that if you download the .NET Framework SP1 update at the same time, which requires a reboot, then if you click yes to the reboot you'll lose the webpage part of the update. And it doesn't go into the browser history either for some reason.
Here is the URL, in case anyone needs it:
GDI+ Security Update
Only use the link if you need it, as far as I'm aware you need the first part of the update to be installed first before you can use that ActiveX control.
And I, like Train, also found that despite what those articles say, Windows Update still offers the patch after Service Pack 2 is installed.
__________________
|
September 15th, 2004, 09:13 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Elma,Wa.
Posts: 41,784
|
|
|
Definately do this update by its self.
__________________
SMILE
and post back. Let us know if it worked.
[ Book mark this post to find it again]
|
September 15th, 2004, 09:18 PM
|
 |
Virtual PC Specialist!!!
|
|
Join Date: Jun 2001
Location: Albuquerque, NM USA
Posts: 12,390
|
|
Went to Windows Update and surprisingly was told the update was available to me, even though the MSKB article says WinXP SP2 without Office does not need it.
"(Important Windows XP Service Pack 2 (SP2) is not affected by this issue. Windows XP SP2 users only need to update Office (if installed). )" I do not have Office.
So, being a good MS customer I downloaded it, anyway. More concerning I got message saying (best as I can remember) that I had some graphics on my PC that could pose a problem. So I followed the instructions and seeing nothing more specific, clicked the button on http://www.microsoft.com/security/bu...jpeg_tool.mspx to scan for "Click for affected Imaging Software". After agreeing to a hold harmless paragraph, nothing happened, except that that link changed into a notice that
"This tool is designed for computers running Windows 2000 and earlier. Windows XP, Windows XP SP1, and Windows Server 2003 users may update their computers by visiting the Windows Update Web site."
Pretty circuitous.
Oh, Well. 
__________________
Jim
WIN XP Pro SP3, IE7, NTFS,
cable, Norton AV, Zone Alarm firewall
|
September 15th, 2004, 09:24 PM
|
|
Aka: Nix*, NNiixx, Nix23
|
|
Join Date: May 2001
Location: Sydney, Australia
Posts: 8,255
|
|
I followed WelshJim's link on a WinNT machine and clicked the [Check for Affected Imaging Software] followed by agreeing to the agreement.
Thw window changed to say
Quote:
|
No affected imaging software was found on this computer
|
|
September 15th, 2004, 09:37 PM
|
|
Virtual PC Specialist!!!
|
|
Join Date: Jun 2001
Location: Albuquerque, NM USA
Posts: 12,390
|
|
Maybe I spoke too soon. There is another link (#4) below #3 which leads you to a list of software affected.
http://www.microsoft.com/technet/sec.../MS04-028.mspx
Since I have none of those I wonder why Windows Update offered the patch to me. (Actually I had seen that list earlier, and so did nothing to get the patch until Windows Update offered it.)
__________________
Jim
WIN XP Pro SP3, IE7, NTFS,
cable, Norton AV, Zone Alarm firewall
|
September 15th, 2004, 09:58 PM
|
 |
Virtual PC Specialist!!!
|
|
Join Date: Mar 2002
Location: sc,united states
Posts: 3,475
|
|
|
got this reply also
--------------------------------------------------------------------------------
No affected imaging software was found on this computer
__________________
If I Ain't Crappie Fishin', I'm Thinkin' About It
|
September 15th, 2004, 10:02 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Friern Barnet, London, England (51°37'01"N, 0°9'53"W)
Posts: 38,846
|
|
|
That ActiveX control to check affected imaging software is for versions of Windows other than WinXP or Server 2003 BTW. It doesn't work at all on XP, I tried it.
__________________
|
September 15th, 2004, 10:18 PM
|
|
Aka: Nix*, NNiixx, Nix23
|
|
Join Date: May 2001
Location: Sydney, Australia
Posts: 8,255
|
|
|
Hmm from the list I can see that my hanging back with WinMe and Office2000 is now paying off. LOL
|
September 15th, 2004, 10:36 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Elma,Wa.
Posts: 41,784
|
|
|
And the funny part is , a completely unpatched Office 2000 gets a clear OK. While the folks that have the Office updates get told to patch it. WIERD is right.
__________________
SMILE
and post back. Let us know if it worked.
[ Book mark this post to find it again]
|
September 15th, 2004, 10:44 PM
|
|
Aka: Nix*, NNiixx, Nix23
|
|
Join Date: May 2001
Location: Sydney, Australia
Posts: 8,255
|
|
That's me 
Probably less that 10 Windows Updates installed and zero Office 2000 updates installed.
No firewall, just up to date NAV 2002 and Ad-Aware.
Seems the more secure you try to be the more at risk you seem to be ?
It's more challenging to break into Fort Knox than some small country bank in the back of beyond.
|
September 17th, 2004, 04:22 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Friern Barnet, London, England (51°37'01"N, 0°9'53"W)
Posts: 38,846
|
|
__________________
|
September 17th, 2004, 04:38 PM
|
|
Site Moderator
|
|
Join Date: Apr 2000
Location: Friern Barnet, London, England (51°37'01"N, 0°9'53"W)
Posts: 38,846
|
|
And if this is anything to go by, it won't be long to wait before this one is exploited:
http://www.theinquirer.net/?article=18510
Make sure that you are patched against this vulnerability, people.
__________________
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -4. The time now is 11:51 PM.
|
|
| |
Events
