Educause Security Discussion mailing list archives
gdiplus.dll and MS04-028 strategy?
From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Tue, 5 Oct 2004 14:40:43 -0500
SANS has recently released a GDI+ scanner that identifies vulnerable gdiplus.dll (and related) files. I am being questioned on how to deal with "vulnerable" dlls and problems associated with replacing "bad" ones with "good" ones. Seems there is an infinite number of scenarios and what the best solution is to replace vulnerable dlls.

I read ( http://isc.sans.org//diary.php?date=2004-10-02 ) where SANS is "asking software vendors to determine whether or not their software has distributed vulnerable gdiplus.dll libraries, and provide appropriate replacements as soon as possible. Reports from users of Tom Liston's GDIscan (http://isc.sans.org/gdiscan.php ) of finding vulnerable versions in a variety of software applications has continued. This morning, Will Harper wrote in requesting the Handlers expand our notice to these vendors."

What are you telling your users about MS04-028, patching (and scanning) systems for vulnerable GDI+ versions and 3rd party applications? Is it a concern on your campus? Are you taking a wait and see attitude? All comments are solicited.

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.