Security Basics mailing list archives

RE: Detecting new Windows .jpeg exploit


From: "Kenton Smith" <ksmith () chartwelltechnology com>
Date: Fri, 17 Sep 2004 09:45:55 -0600

Unfortunately it isn't even that good. I've run MBSA on a number of machines
here and for every one it tells me that it can't confirm whether MS04-28 is
installed or not. So I thought, OK, that'll change once it is actually
installed... No dice, it can't tell whether it is installed or not even if
it's installed.

Kenton

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com] 
Sent: Thursday, September 16, 2004 3:17 PM
To: H Carvey; security-basics () securityfocus com
Subject: RE: Detecting new Windows .jpeg exploit

The problem is slightly more complex than that.   MBSA certainly won't
tell the whole truth.  It will tell whether you have the patch applied,
but not whether the vulnerability is closed...because many people are
reporting multiple vulnerable copies of the GDI executable.  The patch
only updates the Windows system version, not every version existing on a
computer.  If an application is installed that looks for and uses an
older version, then you can still be vulnerable.  
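The point in the quoted message, that a patched system copy does not account for other copies of the library elsewhere on disk, can be checked with a file inventory. The sketch below is an added example, not part of the original thread: it walks a directory tree and lists every copy of a named file whose contents differ from a reference copy. The file name `gdiplus.dll`, the choice of the system copy as the reference, and the directory layout in `demo()` are assumptions; the thread says only "the GDI executable". A differing hash means the copy needs a version check, not that it is necessarily vulnerable.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_differing_copies(root, reference, name="gdiplus.dll"):
    """List files under root called `name` (any case) that differ from `reference`."""
    ref_hash = sha256_of(reference)
    ref_real = os.path.realpath(reference)
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fn)
            if os.path.realpath(path) == ref_real:
                continue  # the reference copy itself
            try:
                if sha256_of(path) != ref_hash:
                    flagged.append(path)
            except OSError:
                flagged.append(path)  # unreadable copy: review by hand
    return sorted(flagged)

def demo():
    # Constructed sample tree: one "patched" system copy, two application copies.
    layout = {
        "Windows/System32/gdiplus.dll": b"patched build (constructed)",
        "Program Files/AppA/GDIPLUS.DLL": b"older build (constructed)",
        "Program Files/AppB/gdiplus.dll": b"patched build (constructed)",
        "Program Files/AppB/readme.txt": b"unrelated file",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            p = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
        ref = os.path.join(root, "Windows", "System32", "gdiplus.dll")
        hits = find_differing_copies(root, ref)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in hits]

if __name__ == "__main__":
    print(demo())
```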


