| ||
Wed 2024-11-20
Tue 2024-11-19
Mon 2024-11-18
Sun 2024-11-17
Love, Acceptance, and Screeching Modems Sat 2024-11-16
Fri 2024-11-15
Search
Archives
2023
12 11 10 09 08 07 06 05 04 03 02 01
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
One good site
MDN
Nelson Minar
Blog licensed under a Creative Commons License
|
This
new JPEG vulnerability in Windows has me scared. I'm generally
pretty virus-immune: I don't read email on Windows, I've got Norton
AntiVirus on my Windows box, and I don't generally run unknown
programs. But I do look at a lot of JPEGs. And now there's at least
one JPEG virus in the
wild.
Windows Update is one of the great unheralded Microsoft technologies. It really works. Well, mostly. I downloaded the various JPEG fixes from them and thought I was safe until I ran GDI Scan, a deep scan tool that tries to find vulnerable versions of the DLL. And it found a vulnerable version, C:\WINDOWS\system32\gdiplus.dll. Now what do I do? I don't know where to get an update. Do I have to install Service Pack 2? Does that even fix the problem? I'm a software professional and I'm confused. What does the other 99% of the world do? At least Norton Antivirus blocks it. I downloaded a virus sample and Norton AntiVirus dedicted it as Roxe and wouldn't let me copy it to my Windows box.
Update 2004-10-01. The Washington Post has
a
story on this. And thanks to
Jon
Udell I learned about
this
forum post with instructions on how to run GDI Scan and how to
manually patch the broken DLL.
|
|
