A new Critical Update is available

There are several threads about this jpeg exploit over at the security forum at dslreports. Apparently there is even a "test" version of the exploit available to run against your AV to see if it catches it. (Most AVs are stating they offer protection.) I haven't tried testing it. Call me chicken! Apparently one of the concerns is that the exploit can install remote administration!

One thing that has seriously bugged me with this MS problem is that MS has made the detection and steps to correct the problem about as confusing as I've ever seen from them. I can usually figure out what is kinda going on but this time...sheeeesh!

In my best run-on, confused sounding voice..."If you are running XP, the detection tool will only load from Windows Update. And when ran from there, it will only run once. XP SP2 is apparently safe but even if the MS tool says you're safe, there is another non-MS testing tool that can find other potential jpeg exploit problems. Some have ran that tool and found problems only to discover there are no patches for some of those programs. So you can't patch everything anyway!!!"

I guess that in the end, I'm kinda praying that my AV here at home and at work will catch this junk. ..

Now this Baffles Me.....I got my SP1 intergrated with XP Pro...Updates Done.
Over past few weeks Microsoft been trying to get me to Install SP2...I WONT Do That....(that's my Perogative)
Micro also said i was uptoDate with all my Updates.(except the ones I chose not to Install) Since going to the Link here today, micro told me to go into my Services n Redo my Auto Updates, BITS & Event Log, or it cant update...Funny that because it could before!!....So then Micro trys to Force SP2 onto me! then I get a FistFull of SP1 Criticall Updates.(so many I'm baffled)...All I needed or thought I needed was that JPG un!! KB833987

So Folks, any ideas as to why Micro has discovered that I need another TruckFull of SP1 Criticall Updates!! When i thought ALL SP1s had stoped..

Well!!!, I have been 100% Hoodwinked by Micro....(I reckon) I just did those Criticall updates (sp1) BUT...Once installed I discovered they be SP2....have I got the wrong end of the stick here!! are my faculties correct! or have I flipped my lid!!!!:rolleyes:
Micros Update Site did/does say SP1 Criticall Updates/Urgent, 24 in all but i cancelled WMP cause i dont use it, so 22 SP1s was installed....But Belarc says SP2...Who's correct....

The JPG un (KB833987) was not needed after all...

I want my PC to do what I choose, I want it to Work for ME, I do NOT Want Micro or anyone dictateing what i should or should not do, I get enough of that in my Life as it is!....SP2 is my Choice to Install or Not...I Choose NOT!!!

I am NOT Moaning/Whining/Whinging, Just stateing my Preferences ok...THANKS ALL.....You do a Great job here, Well Done..

Right-click 'My Computer' > Properties > (tab) General

You will be able to see what version you have here (Belarc is sometimes wrong).

SP1 is the one...But the Critical updates are now SP2....Not SP1 as Micro are saying.....
I probably needed the Acumalative update anyway.(which should be sp1 but turned out to be sp2)....Cheers.
I'm a bit of a Hater of All these Updates (SP1/SP2) because once I had a 5Gbt hard disk that was enough, then it was an 80Gbt HD that was enough, now with all these ruddy updates we need a 200Gbt hard disk.....lol.....Be Happy, Be Good..Be Carefull..

Here is the best help I've found yet for the GDI+ issue. I haven't had time to run through all of it yet but at least it's in English...(unlike MS's explanation!)

http://www.bleepingcomputer.com/forums/topict3077.html

I ran the GDI scan from that tutorial this morning. I came up with a file at C:\WINDOWS\SYSTEM32\gdiplus.dll that I don't know what to do with. The tutorial says "that I need to visit the web site of this application and see if there is any update available." I don't know where at Microsoft I'm supposed to find an update for it (or what application it applies to).

Duane: As I'm sure you can gather, I am no authority but wouldn't that file part of the Windows family?

Here is the link to the new GDI+ files from MS. I kinda gathered from the tutorial that we replace the old gdiplus.dll with new gdiplus.dll from the MS download. (And keep the old one in a separate folder as a backup in case we need it.)

But I can't honestly say for sure. Thus my point above on how badly MS is handling this situation. There has to be a clearer way to clean up the GDI+ mess...

Yes, it's a System32 dll (not an app) - thus, my uncertainty.

I'll check out the Platform SDK Redistributable GDI+.

Thanks, HAN.

Indeed, this seems rather mechanical way to solve the problem, and MS is offering little publicity or help.
I found five "vulnerable" versions of gdiplus.dll, two of which in Microsoft files.
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\I386\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version

The new version from the SDK download is 5.1.3102.1360

Waiting to hear results from others who switch out the old with the new before I do it! :)
Also concerned what to do about the other three vulnerable versions. The advice is "that I need to visit the web site of this application and see if there is any update available", but I find nothing at the sites of the application about new versions of gdiplus.dll.

DuaneB--curious that you have your MS "vulnerable" version in a different folder than mine.

Well, I did it and now have two gdiplus.dll files in my System32 folder - gdiplus(old).dll (1,667KB) and gdiplus.dll (1,607KB). I don't smell any smoke. :D

Am I supposed to reboot to get this new protection?

I don't know why my System dlls are where they are.

I know I'm beating a dead horse here... But to say I am frustrated with all of this is an understatement of montrous proportions. Thought you all might like to read someone else's take... (albeit stated much more eloquently than I ever could have.)

Letter to MS.

Duane: Yeah, I'd reboot and then re-test.

I switched two out.. Ewido security suite (free a/v program) and Ipswitch WS_ftp pro9 .. no problems noticed.

I still have one other vulnerable file (red) ...

E:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version

Not sure what to do about that yet.

I did do the MS critical patch before all of this BTW.

That was painful. When I rebooted my Video Display Adapter was knocked out and I couldn't replace it. I had to do a System Restore. I don't think i want to do that again.

fink, the tutorial says to ignore sxs.dlls.