Re: Microsoft's GDI Detection Tool faults
In-Reply-To: <20040924141725.13699.qmail@xxxxxxxxxxxxxxxxxxxxx>
>Received: (qmail 18580 invoked from network); 25 Sep 2004 02:57:58 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com)
>(205.206.231.26)
> by mail.securityfocus.com with SMTP; 25 Sep 2004 02:57:58 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com
>[205.206.231.20])
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id 43EBF1464F4; Fri, 24 Sep 2004 10:24:36 -0600 (MDT)
>Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx>
>List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx>
>List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx>
>Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
>Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
>Received: (qmail 13030 invoked from network); 24 Sep 2004 08:08:27 -0000
>Date: 24 Sep 2004 14:17:25 -0000
>Message-ID: <20040924141725.13699.qmail@xxxxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: <albatross@xxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: Microsoft's GDI Detection Tool faults
>
>Today I downloaded the GDI+ vulnerability (MS04-028) detection tool
>published by SANS. In contradiction to the report provided by MS's
>gdidettool.exe, it found two versions of vulnerable DLLs.
>
>Be warned: don't trust only MS's detection tool! Do all steps to patch your
>machines.
>
>albatross
>
>P.S. I think this will be another nightmare for many people.... any news about
>SUS 2.0/WUS?
>
Microsoft's detection tool is almost worthless. I used it after finding out
about the new GDI+ security hole and it reported very vague, dumb information,
like "You may have a problem". Then I installed the lame patch they originally
provided on the first day they reported the issue, ran the detection tool
again, and it said the same thing! I haven't tried the SANS detection tool yet,
but I bet it is much, much better than what I got from the MS detection tool.
I can't believe how long it took MS to patch this issue (about a year!!!), and
they still were not ready when they went public with how to fix the issue.

I predict there is going to be a major worm just around the corner exploiting
the new GDI+ JPEG vulnerability... Now that a bunch of example exploits with
"insert your shellcode here" have been posted, it's only a matter of time before
someone has the guts/ego to try to pull off a major worm taking advantage of
this issue...

To all the people out there who found out about this security problem as soon
as MS posted about it (which I'm sure is a lot of people, since the media
covered the issue all over): I hope you guys check Windows Update again for any
patches regarding the GDI+ JPEG issue, because I learned about it right about
when MS released the original patch and visited their site to download the
patch, which didn't really fix the problem... Then about two weeks later I went
back to Windows Update to see if there was anything new, and they did actually
post a good patch to really fix the problem...

So I'm betting there are people like me who thought they were patched after
installing the patch provided on MS's website but didn't know there were any
new patches regarding the GDI+ JPEG vulnerability issue on Windows Update.
Everyone had better start getting the good patch soon before the new Sasser
worm begins to spread! It's only a matter of time...
--HighT1mes
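Added example, not part of either poster's message and not code from Microsoft's or SANS's tool: the point both posters make is that a checker which only looks at the system copy of a library can report a machine clean while other copies of the same DLL (installed alongside applications) remain unpatched. The PowerShell below enumerates every gdiplus.dll on local fixed disks and reports its file version so each copy can be compared against the fixed version given in the bulletin. The function name Find-DllCopies and the $MinimumFixedVersion parameter are this example's own; the fixed version number is not on the page, so it is left as a placeholder to be filled in from the MS04-028 bulletin.

```powershell
# Added example (not from the thread). Lists every copy of a DLL on local fixed
# disks with its file version, so side-by-side application copies are not
# overlooked when checking patch status.
function Find-DllCopies {
    param(
        [string]  $DllName             = 'gdiplus.dll',
        # PLACEHOLDER: supply the fixed version from the MS04-028 bulletin;
        # left as $null here because the page does not state it.
        [version] $MinimumFixedVersion = $null
    )

    # Fixed local disks only (DriveType 3); network and removable drives are skipped.
    $roots = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
             ForEach-Object { "$($_.DeviceID)\" }

    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter $DllName -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $vi = $_.VersionInfo
                # Build a comparable [version] from the four numeric parts rather than
                # parsing the FileVersion string, which some binaries pad with text.
                $fileVersion = [version]"$($vi.FileMajorPart).$($vi.FileMinorPart).$($vi.FileBuildPart).$($vi.FilePrivatePart)"

                $status = if ($null -eq $MinimumFixedVersion) {
                              'Unknown (set -MinimumFixedVersion from the bulletin)'
                          } elseif ($fileVersion -lt $MinimumFixedVersion) {
                              'Below fixed version'
                          } else {
                              'At or above fixed version'
                          }

                [pscustomobject]@{
                    Path    = $_.FullName
                    Version = $fileVersion
                    Status  = $status
                }
            }
    }
}

# Usage: run from an elevated prompt so every directory is readable; pass the
# bulletin's fixed version, e.g. Find-DllCopies -MinimumFixedVersion '<from bulletin>'.
$findings = Find-DllCopies
if (-not $findings) { Write-Warning 'No copies of gdiplus.dll found on fixed disks.' }
$findings | Sort-Object Version | Format-Table -AutoSize
```

The scan is deliberately file-system wide rather than limited to the system directory, because the quoted post's observation (two vulnerable DLL versions found where the vendor tool reported none) is exactly the case a narrow check misses. Each row gives the full path, so any copy reported as below the fixed version can be traced to the application that shipped it and updated through that application's own patch rather than assumed covered by the OS update.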