Action for Devs around MS04-028
Today we released two new security bulletins. MS04-028 is marked critical and there's specific action that Visual Studio users need to take with regards to this bulletin. Developers should read over the bulletin carefully and download and install the patches specific to Visual Studio .NET and the .NET Framework. Microsoft Security Bulletin Summary for September, 2004
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
A remote code execution vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system.
Note This vulnerability might require the installation of several security updates. Review the entire column in the Affected Software and Download Locations summary table for the MS04-028 bulletin identifier to verify the updates that you have to install, based on the programs or components that you have installed on your system.
Comments
- Anonymous
September 14, 2004
We really need some better way to update stuff for security reasons. Its almost certain that one program is not updated as it should when one is forced to follow this table.... - it really needs a more complete 'windows update' that takes care of that.
just my 2 cents... - Anonymous
September 14, 2004
I second that, and add: we even need one way to update stuff, because the security bulletin points to non-existent supposed downloads. - Anonymous
September 14, 2004
I second it again, with the further addition: even when broken links get fixed so they now point to actual downloads, it's still pretty confusing to figure out which downloads are actually needed. - Anonymous
September 16, 2004
The comment has been removed - Anonymous
September 18, 2004
They provided a package that contained the updated GDIPLUS.DLL for the SDK. Are there issues with just a brute force replacement of any DLL that is found? - Anonymous
September 20, 2004
The patch for IE 6.0 makes the proxy auto configuration script I'm using stop working!