JPEG Processing (GDI+) Security Update

Discussion in 'Security and Privacy' started by Christer, 2004/09/23.

Thread Status:
Not open for further replies.
  1. 2004/10/07
    Rockit

    Rockit Inactive

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Christer,
    Here's what I got.


    Scanning Drive C:...
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6626.0 <-- Possibly vulnerable (Under OfficeXP only)
    C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    Version: 6.0.2900.2180
    C:\WINDOWS\system32\sxs.dll
    Version: 5.1.2600.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180
    Scan Complete.

    Yes I have tried to uninstall Norton but the security center still thinks it's there? I have already run 3 different reg cleaners and also done a manual search to get rid of all reg entries related to Norton and Symantec. I have also done a reg search for the gdiplus.dll and have found nothing in the registry relating to it. Check out this link ..

    http://www.winnetmag.com/Article/ArticleID/44003/44003.html

    Later
    Rockit
     
  2. 2004/10/07
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Rockit,
    You don't have a "C:\Program\Norton SystemWorks\Web Cleanup\GdiPlus.dll" so there is nothing to worry about in that respect.

    I found out that the "C:\Program\Norton SystemWorks\Web Cleanup\GdiPlus.dll" on my system was/is a Microsoft file and I guess that all instances of GdiPlus.dll is a Microsoft file.

    Regarding Your MSO.DLL situation, which is the same as mine, it would be interesting to learn in what sequence Your system was installed and updated. As You can see in post #18, I have done it twice with different results.

    Have You installed Office XP + SP1 + SP2 + SP3 as in my first case - which worked or have You installed in any other sequence or have You installed Office XP-SP2 slipstreamed as in my second case - which didn't work?

    Christer
     

  4. 2004/10/07
    Rockit

    Christer,
    I installed office with a sp2 slipstreamed cd then applied sp3 and the other updates that the office website said I needed.

    I'm starting to believe that the only way I'm going to clear up the problems I'm having regarding the incomplete uninstall of Norton and the Partition Magic problems I have posted in the software forum is to format my hard drive and start over.

    I just don't have the time to do this right now.

    Thanks
    Rockit
     
  5. 2004/10/07
    Christer

    Rockit,

    Well, that didn't clear the mud ...... :p ...... unless it should be interpreted as the whole chain of Office XP and all SP's in sequence being vital for the successful installation of KB832332.

    Anyone else ...... :confused: ......

    I'll go there and have a look but don't hold Your breath ...... :eek: ...... I know nothing about PM and Norton can be ..... :rolleyes: ...... well, a pain in You-know-what!

    Christer
     
  6. 2004/10/07
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Just curious. I see your latest gdiplus.dll file in NSW is version 5.1.3102.2180. (And you got that after running NSW Web Cleanup?)
    The download from MS SDK gives you v5.1.3102.1360.
    Assuming the higher number is more recent, NSW is ahead of MS??
    So best not to substitute the SDK version automatically as you might have based on earlier scans using the sans.org tool when your NSW file had gdiplus.dll v5.1.3097.0??
     
  7. 2004/10/07
    Christer

    Jim,
    I'm aware that I'm writing in a (for me) foreign language ...... :eek: ...... but I didn't expect it to make no sense at all ...... :D ...... !

    Yes, that's correct.

    No, from post #20:

    I ran Web Cleanup to verify that it worked with the substituted GdiPlus.dll.

    All GdiPlus.dll files are Microsoft. Have nothing to do with Norton. There are several versions distributed with different software but all are Microsoft.

    C:\Program\Norton SystemWorks\Web Cleanup\GDIPlus.dll
    Version: 5.1.3097.0 <-- Vulnerable version
    was the starting point for all this.

    The SDK version (5.1.3102.1360) would also have been a good substitute but the README said to not substitute for the original on XP since file protection wouldn't allow it. I now realize, that was applicable if it was in the Windows folder but it would have worked outside the Windows folder (e.g. in the Norton folder).

    As I concluded in post #20, the version I already had in "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll" was more recent, making the same assumption as You do regarding the higher number and the SDK version ended up in the Recycle Bin.

    Christer
     
  8. 2004/10/07
    Christer

    As a matter of fact, through this discussion we are conveying information on a simple fix for the Norton issue. A course of action which would have been more becoming for Symantec ...... :mad: ...... rather than being unco-operative and pigheaded.

    Christer
     
  9. 2004/10/07
    Welshjim

    Christer--Since I do not run either Office or NSW perhaps I should not pursue this matter.
    From what you say, you somehow have what seems a more current version (than MS offers from the SDK site) of gdiplus.dll in
    I now see that I have this same version in the same file (which we are told to ignore since it is an SxS file).
    Do you know how you got it?
     
  10. 2004/10/08
    Christer

    Jim,
    I checked the properties for the two (not counting the original in Norton) instances of GdiPlus.dll:

    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

    File version: 5.1.3097.0 (xpclient.010817-1148)

    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180

    File version: 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)

    My install CD is an original XP-PRO-RTM with SP2 slipstreamed. The first file must have been on the original CD and the second added from SP2.
    This is probably the reason for XP-SP2 itself not being vulnerable but anything prior to SP2 is.

    Christer
     
    Last edited: 2004/10/08
  11. 2004/10/09
    Christer

    I am now on a computer that went from XP-RTM to SP1a and finally to SP2. In addition to the other two versions it also has:

    5.1.3101.0 (xpsp1.020828-1920)

    Christer
     
  12. 2004/10/10
    Rockit

    Christer,

    Here's a couple of links and my latest scan results:

    Scanning Drive C:...
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6714.0
    C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    Version: 6.0.2900.2180
    C:\WINDOWS\system32\sxs.dll
    Version: 5.1.2600.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3102.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180
    Scan Complete.

    As soon as I try and delete or overwrite the older version of the GdiPlus.dll it recreates itself automatically?

    http://www.microsoft.com/downloads/...9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en

    http://www.bleepingcomputer.com/forums/topict3077.html
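
    Added example, not part of any post in this thread and not the scanner's own code: a small parser for the scan report format shown above that compares four-part file versions numerically rather than as text. The minimum versions in `BASELINE` are assumptions taken only from values quoted in this thread, not an official patch baseline.

```python
import re
from collections import namedtuple

# Scan report copied from the 2004/10/10 post above.
REPORT = r"""Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.6714.0
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3102.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete."""

# ASSUMPTION: minimum versions taken from this thread only (the SDK GdiPlus.dll
# version and the MSO.DLL version the scanner stopped flagging).
BASELINE = {"gdiplus.dll": (5, 1, 3102, 1360), "mso.dll": (10, 0, 6714, 0)}
Finding = namedtuple("Finding", "path version status")

def parse_version(text):
    """'5.1.3102.2180' -> (5, 1, 3102, 2180), so fields compare as integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError("expected a four-part file version: %r" % text)
    return parts

def classify(path, version):
    """Compare one file against the baseline for its file name, if any."""
    name = path.rsplit("\\", 1)[-1].lower()
    minimum = BASELINE.get(name)
    if minimum is None:
        return Finding(path, version, "no baseline")
    if version >= minimum:
        return Finding(path, version, "ok")
    sxs = "\\winsxs\\" in path.lower()
    return Finding(path, version, "below baseline (side-by-side)" if sxs else "below baseline")

def parse_report(report):
    """Pair each path line with the 'Version:' line that follows it."""
    findings, path = [], None
    for line in report.splitlines():
        line = line.strip()
        m = re.match(r"Version:\s*([\d.]+)", line)
        if m and path:
            findings.append(classify(path, parse_version(m.group(1))))
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return findings

def below_baseline(report):
    return [f for f in parse_report(report) if f.status.startswith("below")]
```

    Comparing the version strings as plain text would sort "10.0.6714.0" before "5.1.3097.0", which is why each field is converted to an integer first.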
     
  13. 2004/10/10
    Christer

    Rockit,

    I don't know if this is a question or a finding that puzzles You. As I understand it, the XP file protection system won't let any file in the system folder get replaced by another version, older or newer. They must get installed the "proper" way.

    I have, however, gotten away with replacing GdiPlus.dll in the Norton folder and MSO.DLL in the Office folder without receiving the middle finger.

    Interesting link on GDI-scan. I don't have that many applications with GdiPlus.dll, only Windows itself and Norton so, for me it was a simple task. I think that XP-SP2 users are better off substituting the more recent one included in SP2 than the one in "Platform SDK Redistributable: GDI+ ".

    More on MSO.DLL later.

    Christer
     
  14. 2004/10/10
    Welshjim

    I rename the old file gdiplus.old before I move the new one into the folder. That way if I find I need the old version, I just have to reverse the naming. May also have helped the substitution.
    Rockit--I see that file in the SxS folder is only "possibly vulnerable" .
     
  15. 2004/10/10
    Christer

    Regarding the MSO.DLL issue:

    I have spent the best part of this evening installing three hotfixes and restoring Ghost Images, over and over again. I was determined to get to the bottom of this and it seems like I did. (successful = correct version of MSO.DLL - unsuccessful = incorrect version of MSO.DLL)

    The three hotfixes have been KB833858 (040312), KB832332 (040511) and KB873379 (040828). The dates are yymmdd, the date of the respective digital signature.

    1) I went to Office Update and did a web install and they were listed in this order: KB832332, KB833858 and KB873379 but installed as a package - successful.

    2) Manual installation of my downloaded files, client versions, in order according to date: KB833858, KB832332 and KB873379 - unsuccessful (no surprise, the same result as in the summary above).

    3) Manual installation of my downloaded files, client versions, in any order when KB832332 precedes KB833858 - successful.

    4) Manual installation of my downloaded files, fullfile versions, in any order - successful ...... :eek: ...... !

    5) Simply substituting a good MSO.DLL for a bad MSO.DLL - successful.

    My conclusions are:

    The previous results, related earlier in this thread, may depend on the fact that I installed the hotfixes more or less randomly.

    It depends on the actual installation if it works or not. I have carried out these tests, related in this post, on my specific system (Windows-XP-PRO-RTM with SP2 slipstreamed and Office-XP-PRO-RTM with SP3 slipstreamed) and other people will probably/possibly make different experiences.

    Either KB833858 or KB832332 is buggy in the client version since the order of installation is crucial. (I'm too daft to figure out which.)

    The same hotfixes are buggy in the fullfile version. I mentioned earlier that these fullfile versions extract a file into a directory, chosen by me and that file has to be double-clicked for the installation to take place. I don't know if that makes sense to a person administrating several computers but that is probably the case. What is strange, though, is that after installing these two hotfixes ...... :confused: ...... "Uninstall Norton Internet Security" appears in the list of recently used programs!

    Anyway, my final (?) GDI-scan results:

    Christer
     
  16. 2004/10/11
    Rockit

    Woooo,
    Look at this !!

    Scanning Drive C:...
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6714.0
    C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    Version: 6.0.2900.2180
    C:\WINDOWS\system32\sxs.dll
    Version: 5.1.2600.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3102.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3102.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180
    Scan Complete.

    Sweet Hey
     
  17. 2004/10/11
    Christer

    I too, substituted the good GdiPlus.dll for the bad one, I renamed the bad one GdiPlus.org and copied the good one over. Windows File Protection complained about the new file being unknown and could affect stability but it let me do it.
    When I deleted the copied file and renamed the original back to GdiPlus.dll, WFP complained again ...... :rolleyes: ...... it has got an even shorter memory span than I do ...... :eek: ...... !

    What is strange is that the file, copied over to the Norton folder ...... :confused: ...... inherited the "created date" of the original file. Well, if it makes Norton happy ...... :rolleyes: ...... I'm happy.

    Christer
     
  18. 2004/10/12
    Christer

    This Critical Update for Windows XP SP2 appeared today (well, in Sweden at least):

    The "Read More ..." refers to Microsoft Security Bulletin MS04-028 and is old information.

    There is a connection between my problems installing KB832332 and this update but I don't fully understand "To help protect your computer, we are providing this new update." from the text above.

    Does KB885884 substitute KB832332 or does KB885884 require KB832332 to be installed?

    The question is, for future clean installations, does KB885884 alone do the job or should KB832332 precede it or should KB885884 precede KB832332?

    Christer

    Edited:

    As usual, I'm clear as mud ...... :rolleyes: ...... but I hope that You can understand what I mean!
     
    Last edited: 2004/10/12
  19. 2004/10/12
    Welshjim

    Christer--I presume you also read all the related pages, among which.

    http://support.microsoft.com/?id=834707
    http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
    (There are more)
    As a native English speaker, I found the information to be close to incomprehensible. Obviously you have to choose the right update for your situation among the ten or so offered.
    But I figured if MS thought it was a meaningful update, I would do it. The last site referenced above will tell you some of the possible downsides to installing this "update" and what to do about the problems if they occur. The major one has to do with disabling Windows Help. And it "seems" that if you have installed the fix for this problem earlier you should be OK. Many of the potential problems are with IE 6 not updated with earlier "Cumulative Updates" or WinXP SP2 and so can be ignored if you have done this.
    I seem to have no problems so far.
     
  20. 2004/10/13
    Christer

    Hello Jim ...... :eek: ...... I said that I was clear as mud!

    I wasn't discussing KB834707 but KB885884 which has a bearing on this thread.

    Well the situation on KB885884 is even worse. Information is virtually non-existent!

    Regarding KB834707, I installed the version which was offered to me when I was notified through Windows Update. I never do web updates but only get notified. I downloaded from Windows Update Catalog and since I am on SP2, I assume that I don't need any of the previous hotfixes discussed in the article(s).

    I didn't find what You refer to but I didn't spend too much time trying. There was an earlier hotfix (KB840374) which required Help and Support to be running in order to install correctly but that fix should be included in my clean installation of XP with SP2 slipstreamed.

    All is well!

    Thanks,
    Christer
     
  21. 2004/10/13
    Christer

    A new version (v2) of KB832332 has been released, see Office XP Security Update: KB832332

    I have downloaded the Swedish version of the new files and the client version is different but the fullfile version seems to be the same. This actually fits with me having problems with the client version but not the fullfile version.

    I also assume that if v2 is used, there is no need to install KB885884 but I have yet to confirm that. It does, however, seem like KB885884 is a "patch" for v1.

    Christer

    I forgot to mention that users who have installed v1 are prompted to install v2 as well!
     
    Last edited: 2004/10/13