Update: New Tools Help with JPEG GDI+ Updates

Eric Brunsen released a new tool that can help you locate all copies of gdiplus.dll files on your systems to determine which copies might need to be updated to defend against the recently discovered JPEG GDI+ vulnerability (MS04-028).

Brunsen's toolkit, which requires Microsoft .NET Framework 1.1 to operate, can scan systems, both locally and over a network, and produce a report that reveals where the files are located, what the DLL version is, and what the file creation dates were. You can download a copy of the tool, which is available for free on the Web, and read more about what Brunsen had to say about it in the Patch Management mailing list archives.

But be aware that you might need to replace more files than just the gdiplus.dll in order to completely protect yourselves against intrusion. Be sure to read Microsoft's bulletin for complete details, which explains nuances with products such as Office XP, Visio 2002, Project 2002, and Internet Explorer 6 Service Pack 1 (SP1) that might need to have other files updated too, such as mso.dll.

To help with identifying all affected DLLs (including gdiplus.dll, mso.dll, sxs.dll, and wsxs.dll), Tim Liston wrote a tool, gdiscan.exe, which can locate such files and produce a report that helps you patch the right files. Liston's tool, which is available as a Windows desktop application or command line tool, can colorize its report so that vulnerable DLLs appear in a red font.

Liston's tool is different from Brunsen's tool in that it requires no options. As soon as the tool is run, it begins scanning the Windows system drive for vulnerable DLL files. It appears that Liston's tool won't scan over a network, or scan drives other than the drive that contains the Windows system directory. Nevertheless, you might find the tool handy, especially since there is a command line version available, which is useful for scripting purposes. You can download a copy online. There's a Web page describing the tool and links to the download at the Internet Storm Center.
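The kind of inventory both tools produce (path, DLL version, creation date) can be sketched in a few lines. This is an added example, not Brunsen's or Liston's code: it walks one directory tree for the DLL names listed above and reads the version from the file's VS_FIXEDFILEINFO structure. It does not decide whether a copy is vulnerable, so compare the reported versions with the ones in Microsoft's bulletin.

```python
import os
import struct
import sys
import time

# DLL names taken from the article; matching is case-insensitive.
TARGET_NAMES = {"gdiplus.dll", "mso.dll", "sxs.dll", "wsxs.dll"}
# VS_FIXEDFILEINFO begins with dwSignature 0xFEEF04BD, followed by
# dwStrucVersion, dwFileVersionMS and dwFileVersionLS (little-endian DWORDs).
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(path):
    """Return the 'a.b.c.d' file version, or None if no version info is found."""
    with open(path, "rb") as fh:
        data = fh.read()
    pos = data.find(FFI_SIGNATURE)  # heuristic: first signature match in the file
    if pos < 0 or pos + 16 > len(data):
        return None
    _struc_version, ms, ls = struct.unpack_from("<III", data, pos + 4)
    return "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def scan(root):
    """Return sorted (path, version, creation_time) tuples for target DLLs under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in TARGET_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                findings.append((path, file_version(path), os.path.getctime(path)))
            except OSError:
                findings.append((path, None, None))  # unreadable: still report it
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: scan the given directory, or the Windows system drive by default.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemDrive", "C:") + "\\"
    for path, version, created in scan(root):
        stamp = time.strftime("%Y-%m-%d", time.localtime(created)) if created else "unknown"
        print("%-16s %-10s %s" % (version or "unknown", stamp, path))
```

Side-by-side copies installed by applications are the ones most easily missed, so run it against every local drive rather than only the system drive.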
