Nobody,
Are you running XP on the system you're complaining about? If so, then
complain to the software vendors that put extra copies of the gdi+ dll on
your system, and aren't updating it. They should not have put it there in
the first place
From the MS gdi+ redistribution license:
===========
Gdiplus.dll
===========
For Windows XP use the system-supplied gdiplus.dll. Do not install a new
gdiplus.dll over the system-supplied version (it will fail due to Windows
File Protection).
For Windows 2000, Windows Millennium Edition, Windows NT 4.0 and Windows 98,
install gdiplus.dll into the private directory of the application not into
the system directory.
In addition to the rights granted in Section 1 of the Agreement
("Agreement"), with respect to gdiplus.dll for Windows 2000, Windows
Millennium Edition, Windows NT 4.0 and Windows 98, you have the following
non-exclusive, royalty free rights subject to the Distribution Requirements
detailed in Section 1 of the Agreement:
(1) You may distribute gdiplus.dll solely for use with Windows 2000, Windows
Millennium Edition, Windows NT 4.0 and Windows 98.
~~~~~~~~~~~~~~~~~~~~~~~~~~
If you're concerned about the vulnerable copies in Norton or other program
folders, try deleting it and see if there's any ill effect.
As to MS not identifiying and updating the MSO.dll and WinSXS.dll - is that
the name of the utility?
V.M
***************************
Practice safe eating -- always use condiments.
***************************
Dear Mr Frisch,
It sounds like what you're telling me is that Microsoft's
detection tool is restricted to detecting the
vulnerability only in the Microsoft products I have
installed on my computer (if, and only if, they are listed
in the "applies to" list) and couldn't care less about any
other applications I have installed on my computer that
were either a) not produced by Microsoft, or b) produced
by Microsoft, but insufficiently important to be included
in the "applies to" list. That's understandable, because
if they were to detect all occurances of the vulnerable
GDI+ dlls in people's systems, they may be troubled by
people wanting to know who to call to get replacement dlls
for all those non-Microsoft applications. Now the
statement on Internet Storm Center regarding contacting
manufacturers of affected applications makes sense. I
should have realized that before ever posting my inquiry
here. % Thanks for your help.
-----Original Message-----
Description of the Microsoft GDI+ Detection Tool
http://support.microsoft.com/default.aspx?scid=kb; [LN];873374
"The Microsoft GDI+ Detection Tool detects if you have any
one of the Microsoft programs installed on your computer that are
listed in the "Applies To" section. If the tool detects these programs,
you will be redirected to a Web page that contains the latest security
information and security bulletins."
--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.a spx
----------------------------------------------------------
-------------------------
:
| The Microsoft GDI+ Detection Tool (KB873374) didn't find
| any vulnerable GDI+ dlls, yet the detection tool I got
| from Internet Storm Center (gdiscan.exe) finds 7 out of 8
| occurrences on my system ARE vulnerable. What the heck's
| with that? Thanks.
.