[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040925042556.9021.qmail@www.securityfocus.com>
Date: 25 Sep 2004 04:25:56 -0000
From: John Bissell <monkey321_1@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft's GDI Detetection Tool faults
In-Reply-To: <20040924141725.13699.qmail@....securityfocus.com>
>Received: (qmail 18580 invoked from network); 25 Sep 2004 02:57:58 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 25 Sep 2004 02:57:58 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id 43EBF1464F4; Fri, 24 Sep 2004 10:24:36 -0600 (MDT)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 13030 invoked from network); 24 Sep 2004 08:08:27 -0000
>Date: 24 Sep 2004 14:17:25 -0000
>Message-ID: <20040924141725.13699.qmail@....securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: <albatross@....it>
>To: bugtraq@...urityfocus.com
>Subject: Microsoft's GDI Detetection Tool faults
>
>
>
>Today I downloaded the a gdi+ vulnerability (MS04-028) detection tool published by The SANS. In contraddiction as the report provided by MS gdidettool.exe it found two version of vulnerable dlls.
>
>Be warned don't trust only MS's detection tool! Do all steps to patch your machines.
>
>albatross
>
>P.S. I think this will be another nightmare for many people.... any news about SUS 2.0/WUS?
>
MicroSoft's detection tool is is almost worthless. I used that after finding out about the new GDI+ security hole and it reported very vague dumb information. Like "You may have a problem" then I installed the lame patch they oringally provided on the first day they reported the issue and I ran the detection tool again and it said the same thing! I haven't tried the SANS detection tool yet but I bet it is much much better then what I used with the MS detection tool. I can't believe how long it took MS to patch this issue (about a year!!!) and they still were not ready when they went public with how to fix the issue.
I predict there is going to be a major worm just around the corner exploiting the new GDI+ JPEG vulnerability... Now that a bunch of example exploits with "insert your shellcode here" have been posted it's only a matter of time before someone has the guts/ego to try to pull off a major worm taking advantage of this issue...
To all the people out there who found out about this security problem as soon as MS posted about it (which I'm sure is a lot of people since the media covered the issue all over). Then I hope you guy's check Windows Update again for any patchs regarding the GDI+ JPEG issue because I learned about it right about when MS released the original patch and visited there site to download the patch which didn't really fix the problem.. Then about two weeks later I went back to Windows Update to see if there was anything new and they did actually post a good patch to really fix the problem..
So I'm betting there are people like me who thought they were patched after installing the patch provided on MS's website but didn't know there was anything new patchs regarding the GDI+ JPEG vulnerablity issue on Windows Update. Everyone better start getting the good patch soon before the new Sasser worm begins to spread! It's only a matter of time...
--HighT1mes
Powered by blists - more mailing lists