Cathy, I just found it at:
Platform SDK Redistributable: GDI+ http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41- 933C-BE590FEAA05A&displaylang=en MS09-062: Description of the security update for GDI+ for Microsoft Platform SDK Redistributable: October 13, 2009 http://support.microsoft.com/?kbid=975337 Microsoft Security Bulletin MS09-062 - Critical http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx MS09-062: Vulnerabilities in GDI+ could allow remote code execution http://support.microsoft.com/kb/957488 Scanning my dev machine for gdiplus produced an "interesting" assortment of files. - a copy in QuickBooks install folder 1,607kb - a copy in Camtasia install folder 1,607kb - a Copy in windows\system folder 1,607kb - a copy in my dev system root folder 1,607kb - a copy in my build library (for distribution using INNO Setup, which copies it to SYS if it's not installed 1,607kb - 4 copies in folders named c:\windows\win5x5\x75_microsoft.windows.gdiplus_65...... (one of which is the current size 1,708kb, dated 8/13/09, and the others 1,684kb dated 4/14 and 4/15/08 I ran Microsoft Updates to update this computer, to see if it would install the new GDIPLUS.DLL (which is seems to have downloaded among the 4 copies in c:\windows\win5x5...) into Windows\system32, but it didn't (??) For my dev system, build library, QuickBooks and Camtasia, I assume I can just replace GDIPLUS.DLL with the new version and be done with that. But for the Windows\system32 copy, this might be a tricky because I presume it's registered, so the old must be unregistered and the new registered. That wouldn't be a problem if that's all there is to it, BUT I see GDIPLUS.CAT and GDIPLUS.MAN in the folder structure created after unzipping the downloaded "WindowsXP-KB975337-x86-ENU.exe" file. These files and the registry involvement aren't clear at all. I suppose it's in the MS doc somewhere, but it's not jumping out at me. ------------------------------- On the subject of security, I've long been highly resistant to the whole "anti-virus" game, but I have taken some hits (the net is definitely under attack), so after a complete rebuild of this machine I decided to install Microsoft's Security Essentials, which is free and comes from the vendor (MS) in the best position to stop these attacks. So far, so good. Bill I'm confused about the latest security patch from MSFT for GDIPlus. I was under the impression that I need to grab a newly updated version of GDIPlus.DLL .. and make sure that it's put on my system in all the places where I currently have a GDIPlus.DLL file (which could be many) .. and then I'm good to go. My problem is trying to get my hands on this newly updated "GDIPlus.DLL" file. I downloaded the VFP 9 patch and installed it and was expecting to see a newly updated GDIPlus.DLL file with a new date stamp somewhere on my system. I can't seem to find where it put this newly updated file .. or maybe my assumption is all wrong and it didn't put it anywhere!! I'm hoping someone can clarify where I get this new updated file .. where I have to put it .. etc. Cathy Pountney _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/77d194b883f247d6b533a3f022ae4...@bills ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
