Educause Security Discussion mailing list archives

gdiplus.dll and MS04-028 strategy?


From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Tue, 5 Oct 2004 14:40:43 -0500

SANS has recently released a GDI+ scanner that identifies vulnerable
gdiplus.dll (and related) files.  I am being questioned on how to deal
with "vulnerable" dlls and problems associated with replacing "bad" ones
with "good" ones.  Seems there is an infinite number of scenarios and what
the best solution is to replace vulnerable dlls.

I read (http://isc.sans.org//diary.php?date=2004-10-02) where SANS is
"asking software vendors to determine whether or not their software has
distributed vulnerable gdiplus.dll libraries, and provide appropriate
replacements as soon as possible. Reports from users of Tom Liston's
GDIscan (http://isc.sans.org/gdiscan.php) of finding vulnerable
versions in a variety of software applications has continued. This
morning, Will Harper wrote in requesting the Handlers expand our notice
to these vendors."

What are you telling your users about MS04-028, patching (and scanning)
systems for vulnerable GDI+ versions and 3rd party applications?  Is it
a concern on your campus?   Are you taking a wait and see attitude?

All comments are solicited.

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
