Microsoft Graphics Bug Threatens Systems

Thanks for the info, Ronjor, I haven't d/l 'd SP2 yet, waiting for my cd(3 weeks?). Now not sure if I should wait? Anybody know?
I am always looking for pics and gifs, when I try to update, it says it has problems, so no joy there.


Thanks!
Marja

 

Hi ronjor,

The scanning tool was on Win Update as of sometime yesterday afternoon or evening. I was suprised to see it listed as a critical upgrade for my XP-Home (SP2 is already installed) even though someone over at avast said it wasn't necessary for SP2 users.

It auto-ran after installing, and simply reported that I had no vulnerable MS products onboard (I don't use Office etc.).

 

This one security bulletin contains lots of patches for lots of windows versions and applications. We need to apply a dozen of patches for this one vulnerability alone.
Strange behaviour. How do these MS programmers build their objects?
I can imagine different patches for Win en Win64bit, but why is this one function built in in every MS application and why is it not a shared component. This patching is costing us lots and lots of money (collecting the patches, testing the patches, packaging patches).

And what bothers me too: Trustworthy Computing... no more buffer overflows in MS products. When will this project start?

Glad I'm not using lots of Windows at home

 

As far as GDI+ is concerned, this technology is part of Windows XP and 2003 so a single patch addresses this problem for all applications using GDI+ on these platforms.

For older versions of Windows a redistributable exists which needs to be deployed with every application using GDI+, to avoid version problems Microsoft's recommends to place gidiplus.dll into the application directory when needed (and was in fact shipping updated versions of gdiplus.dll with different products where the file available for third-party developers remained unchanged). This is where this multi-product-patch-nightmare originates from, by following their own recommendations every product used it's own copy of gdiplus.dll so every products needs to be patched now. T

he side-by-side installation capabilities of XP and 2003 add additional confusion here - patching the OS version of gdiplus.dll should be enough and should cover all products using it, however applications may still use their own version of this file or may request a specific version of it, so product specific patches may still be needed. This may be the end of problems due to file version conflicts but actually such situation is difficult to handle when it comes to problems like this.