

GDI+ Vulnerability


This is a very serious issue that will become problematic soon. Unfortunately, there's no magic update or hot fix to resolve this threat.

Basically, the GDI+ vulnerability exposes the computer to malicious code if an infected JPEG file (any graphics image with a file extension like .JPG, such as a photo) is viewed. Once the image file is viewed, the malicious code is executed and any number of very bad scenarios can play out.

Unfortunately, there is an exploit to this vulnerability "in the wild," meaning that a hacker can use that exploit to write a virus or worm to do malicious things. It's only a matter of time before a GDI+-related worm or virus is spreading through the Internet. There are also concerns about whether any anti-virus scanner will be able to effectively prevent the spread of this virus.

It is very important that everyone work to eliminate this threat. ITS, of course, will provide whatever assistance is necessary. Just please keep in mind the number of computers on campus and the number of ITS staff members; resolving individual issues will not be instantaneous. We ask for your patience.

The first, best course of action is to determine your computer's vulnerability. Microsoft has made a tool available for just this purpose, but a better one can be found by clicking here (actually click on the word "here"). About halfway down the page that opens, on the left and between two horizontal lines, is a link called "download GUI version". Click on this link and download the software. We recommend that you save the program someplace obvious, like your Desktop.

Once the download has completed, navigate to the location of the program and double-click on it. For Windows XP SP2 users, the following screen will appear:

[Screenshot 1]

Simply press the Run button to continue.

All versions of Windows should see the next screen:

[Screenshot 2]

This is a bug in the program but won't affect its effectiveness. Just press the Continue button.

[Screenshot 3]

This screen appears. Press the Scan button and allow the program to do its work. When it's done, the screen will look something like this:

[Screenshot 4]

Please note the "Scan Complete." at the bottom of the text window. That indicates that the scan is finished.

Looking at the screen shot directly above, you will notice that this PC supposedly has two vulnerabilities in red. Red vulnerabilities are potentially very bad. In the example above, the first red vulnerability is for Dreamweaver MX 2004 (C:\Program Files\Macromedia\Dreamweaver MX 2004\gdiplus.dll). What we did next was research this particular vulnerability. After checking with Macromedia, the software's manufacturer, we found that this really is not a vulnerability so we can ignore it. The other is for an NT uninstall library (C:\WINDOWS\$NtServicePackUninstall$\sxs.dll). When researching this vulnerability, we discovered that Microsoft has indicated that this particular vulnerability can also be ignored.

That leaves several "Possibly vulnerabile" issues. In this case, because of where the vulnerabilities are located (having researched them), we determined that these are not an issue either.

If you find a vulnerability, DO NOT COPY ONE GOOD FILE OVER A VULNERABLE ONE!

To fix most of the problems, please make sure that your computer is completely patched for Windows (http://www.windowsupdate.com) and Office (http://www.officeupdate.com). Also, please consult Microsoft's GDI+ Vulnerability Web site at http://support.microsoft.com/default.aspx?scid=kb;en-us;833987.

For example, Internet Explorer v6.0 SP1 has its own patch, as do various flavors of Office, Windows, etc. Third-party applications, like the aforementioned Dreamweaver, could also be vulnerable.
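
As a cross-check on the scanner's list, the following added example (not part of the linked tool, and not from Microsoft) lists every copy of the two libraries named in the sample scan above, with its file version and location, so each copy can be compared against the vendor's bulletin. It only reads the disk; the parameter names, the category labels and the default search root are assumptions made for this example.

```powershell
# Added example: read-only inventory of the library copies discussed on this page.
# Not the scanner linked from this page; it reports versions, it does not judge them.
param(
    [string[]]$Root  = @("$env:SystemDrive\"),       # search root (assumed default)
    [string[]]$Names = @('gdiplus.dll', 'sxs.dll')   # the two files in the page's sample scan
)

function Get-LocationClass {
    param([string]$Path)
    # Order matters: the uninstall backup folder lives under the Windows directory.
    if ($Path -like '*\$NtServicePackUninstall$\*') { return 'UninstallBackup' }
    if ($Path -like "${env:windir}\*")              { return 'Windows' }
    if ($Path -like "${env:ProgramFiles}*\*")       { return 'Application' }
    return 'Other'
}

# Follow-up per category, taken from the guidance on this page.
$nextStep = @{
    UninstallBackup = 'Service pack backup copy; research before acting'
    Windows         = 'Patch through Windows Update'
    Application     = 'Patch Office through Office Update; ask other vendors'
    Other           = 'Find out which program installed this copy'
}

$found = foreach ($r in $Root) {
    # -Force includes hidden folders; unreadable folders are skipped silently.
    Get-ChildItem -Path $r -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name }
}

$found | ForEach-Object {
    $class = Get-LocationClass $_.FullName
    [pscustomobject]@{
        Location    = $class
        FileVersion = $_.VersionInfo.FileVersion
        Company     = $_.VersionInfo.CompanyName
        NextStep    = $nextStep[$class]
        Path        = $_.FullName
    }
} | Sort-Object Location, Path | Format-Table -AutoSize -Wrap
```

The script never replaces or copies a file, in keeping with the warning above; fixes still come from Windows Update, Office Update or the application's vendor.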

ITS remains committed to providing support with this issue. However, it will take some time to work through all of the requests for support. For now, submit all of your support questions regarding this issue directly to Case, Michael. To report concerns, please press the Clipboard button on the screen above and then do a paste into the e-mail that you send me. Before sending any question, please be sure to check this Web page first.