G
Guest
I don't get it - MS said that it provided a fix for the JPEG exploit. But all
I can see is this:
http://www.microsoft.com/downloads/...74-7142-4780-83E5-CE54401DA1D1&displaylang=en
It's the Microsoft GDI+ Detection Tool. So I downloaded it, installed it
and...it did absolutely nothing! Isn't it supposed to scan the harddisk for
all gdi libraries, test them for vulnerability and then display the results?
'Cause in my case it didn't - it just displayed a warning about possible
vulnerabilities being present and then redirected me to:
http://www.microsoft.com/security/bulletins/200409_jpeg_tool.mspx
So what? Great help! This page just redirects me to the office update site
plus offers some gdi detection tools for w2k and win2003.
Plus I have no idea how to re-launch the MS gdi detection tool to rescan the
harddisk. The only way to re-start it is to re-install it! So weird. Where
does it copy itself? I can't find it!
Anyway, it doesn't display WHICH programmes are affected. So it's totally
useless.
I found another scanner - http://isc.sans.org/gdiscan.php , this one indeed
scans the harddisks for vulnerable gdi libraries and displays them all in a
list. This really helps, cause now you can react and either update the
affected programmes or uninstall them if no new versions are available. Why
doesn't MS provide such a tool? Instead they offer their useless tool
I can see is this:
http://www.microsoft.com/downloads/...74-7142-4780-83E5-CE54401DA1D1&displaylang=en
It's the Microsoft GDI+ Detection Tool. So I downloaded it, installed it
and...it did absolutely nothing! Isn't it supposed to scan the harddisk for
all gdi libraries, test them for vulnerability and then display the results?
'Cause in my case it didn't - it just displayed a warning about possible
vulnerabilities being present and then redirected me to:
http://www.microsoft.com/security/bulletins/200409_jpeg_tool.mspx
So what? Great help! This page just redirects me to the office update site
plus offers some gdi detection tools for w2k and win2003.
Plus I have no idea how to re-launch the MS gdi detection tool to rescan the
harddisk. The only way to re-start it is to re-install it! So weird. Where
does it copy itself? I can't find it!
Anyway, it doesn't display WHICH programmes are affected. So it's totally
useless.
I found another scanner - http://isc.sans.org/gdiscan.php , this one indeed
scans the harddisks for vulnerable gdi libraries and displays them all in a
list. This really helps, cause now you can react and either update the
affected programmes or uninstall them if no new versions are available. Why
doesn't MS provide such a tool? Instead they offer their useless tool