Thanks for all the info!! Cathy
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Bill Arnold > Sent: Monday, November 23, 2009 3:20 PM > To: [email protected] > Subject: RE: GDIPlus.dll > > Cathy, > > I just found it at: > > Platform SDK Redistributable: GDI+ > http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12- > 4D41- > 933C-BE590FEAA05A&displaylang=en > > MS09-062: Description of the security update for GDI+ for Microsoft > Platform > SDK Redistributable: October 13, 2009 > http://support.microsoft.com/?kbid=975337 > > Microsoft Security Bulletin MS09-062 - Critical > http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx > > MS09-062: Vulnerabilities in GDI+ could allow remote code execution > http://support.microsoft.com/kb/957488 > > > Scanning my dev machine for gdiplus produced an "interesting" assortment of > files. > > - a copy in QuickBooks install folder 1,607kb > - a copy in Camtasia install folder 1,607kb > - a Copy in windows\system folder 1,607kb > - a copy in my dev system root folder 1,607kb > - a copy in my build library (for distribution using INNO Setup, which > copies it to SYS if it's not installed 1,607kb > - 4 copies in folders named > c:\windows\win5x5\x75_microsoft.windows.gdiplus_65...... (one of which is > the current size 1,708kb, dated 8/13/09, and the others 1,684kb dated 4/14 > and 4/15/08 > > I ran Microsoft Updates to update this computer, to see if it would install > the new GDIPLUS.DLL (which is seems to have downloaded among the 4 copies > in > c:\windows\win5x5...) into Windows\system32, but it didn't (??) > > For my dev system, build library, QuickBooks and Camtasia, I assume I can > just replace GDIPLUS.DLL with the new version and be done with that. > > But for the Windows\system32 copy, this might be a tricky because I presume > it's registered, so the old must be unregistered and the new registered. > That wouldn't be a problem if that's all there is to it, BUT I see > GDIPLUS.CAT and GDIPLUS.MAN in the folder structure created after unzipping > the downloaded "WindowsXP-KB975337-x86-ENU.exe" file. These files and the > registry involvement aren't clear at all. I suppose it's in the MS doc > somewhere, but it's not jumping out at me. > > ------------------------------- > > On the subject of security, I've long been highly resistant to the whole > "anti-virus" game, but I have taken some hits (the net is definitely under > attack), so after a complete rebuild of this machine I decided to install > Microsoft's Security Essentials, which is free and comes from the vendor > (MS) in the best position to stop these attacks. So far, so good. > > > > Bill > > > I'm confused about the latest security patch from MSFT for GDIPlus. I was > under the impression that I need to grab a newly updated version of > GDIPlus.DLL .. and make sure that it's put on my system in all the places > where I currently have a GDIPlus.DLL file (which could be many) .. and then > I'm good to go. My problem is trying to get my hands on this newly updated > "GDIPlus.DLL" file. I downloaded the VFP 9 patch and installed it and was > expecting to see a newly updated GDIPlus.DLL file with a new date stamp > somewhere on my system. I can't seem to find where it put this newly > updated > file .. or maybe my assumption is all wrong and it didn't put it anywhere!! > > > > I'm hoping someone can clarify where I get this new updated file .. where I > have to put it .. etc. > > > > Cathy Pountney > > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/000301ca6c84$701b7150$505253...@com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
