MS04-028 Clarification needed

TheMSsForum.com: The Microsoft Software Forum

Hi,
I need a clarification concerning the affected products.

If the following is true:
Affected are all products that use
Gdiplus.dll prior to version 5.1.3102.1355, Mso.dll prior to version
10.0.6714.0 or Vgx.dll prior to version 6.0.2800.1411.

Then IE 5 is affected too, in contradiction to the bulletin. I used my SMS
software inventory and found vgx.dll version 5.00.3014.1003 on the IE 5
systems.

I found a gdiplus.dll version 5.1.3102.1229 in a Microsoft Works folder.
Does that mean Works must be patched, too?

What I'd need is a clear statement as to which dlls are affected in which
versions.

Thank you

Henrik Zawischa
Top

Re: MS04-028 Clarification needed by Torgeir

Torgeir
Thu Sep 16 18:52:17 CDT 2004

Henrik Zawischa wrote:

> Hi,
> I need a clarification concerning the affected products.
>
> If the following is true:
> Affected are all products that use
> Gdiplus.dll prior to version 5.1.3102.1355, Mso.dll prior to version
> 10.0.6714.0 or Vgx.dll prior to version 6.0.2800.1411.
>
> Then IE 5 is affected too, in contradiction to the bulletin. I used my SMS
> software inventory and found vgx.dll version 5.00.3014.1003 on the IE 5
> systems.
>
> I found a gdiplus.dll version 5.1.3102.1229 in a Microsoft Works folder.
> Does that mean Works must be patched, too?
>
> What I'd need is a clear statement as to which dlls are affected in which
> versions.
Hi

Here is my take on it for Windows XP, Windows 2000, Windows Millennium
Edition and Windows NT 4.0:

*After* installing the relevant updates at
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx ,

if you still find 5.1.x.x gdiplus.dll files on the hard disk with a
lesser version number than 5.1.3102.1355, you should replace it with
the gdiplus.dll v5.1.3102.1360 file that is available here:

Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en
(this download link is also found in the MS04-028 bulletin)

One exception for this is any extra gdiplus.dll files in the folder
%windir%\WinSxS\... in Windows XP (and Win2k3 Server). This is system
protected files that you will not be able to replace, and it is not
necessary either, the system will force all applications to use the
latest version anyway (that you have updated with the hotfix for WinXP
in the MS04-028 bulletin).



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Top

Re: MS04-028 Clarification needed by Torgeir

Torgeir
Thu Sep 16 18:53:23 CDT 2004

Henrik Zawischa wrote:

> In %SYSTEMROOT%\WinSXS the GDIPlus.dll is not replaced. New
> New subfolders are created and the old versions are kept.
> What consequence does that have?
Hi

None. See my other post in this thread.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Top

Re: MS04-028 Clarification needed by HenrikZawischa

HenrikZawischa
Fri Sep 17 02:09:08 CDT 2004

If I get you right,you are saying gdiplus.dlls version 5.0.x.x are not
affected. Is this true?

"Torgeir Bakken (MVP)" wrote:

> Henrik Zawischa wrote:
>
> > Hi,
> > I need a clarification concerning the affected products.
> >
> > If the following is true:
> > Affected are all products that use
> > Gdiplus.dll prior to version 5.1.3102.1355, Mso.dll prior to version
> > 10.0.6714.0 or Vgx.dll prior to version 6.0.2800.1411.
> >
> > Then IE 5 is affected too, in contradiction to the bulletin. I used my SMS
> > software inventory and found vgx.dll version 5.00.3014.1003 on the IE 5
> > systems.
> >
> > I found a gdiplus.dll version 5.1.3102.1229 in a Microsoft Works folder.
> > Does that mean Works must be patched, too?
> >
> > What I'd need is a clear statement as to which dlls are affected in which
> > versions.
> Hi
>
> Here is my take on it for Windows XP, Windows 2000, Windows Millennium
> Edition and Windows NT 4.0:
>
> *After* installing the relevant updates at
> http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx ,
>
> if you still find 5.1.x.x gdiplus.dll files on the hard disk with a
> lesser version number than 5.1.3102.1355, you should replace it with
> the gdiplus.dll v5.1.3102.1360 file that is available here:
>
> Platform SDK Redistributable: GDI+
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en
> (this download link is also found in the MS04-028 bulletin)
>
> One exception for this is any extra gdiplus.dll files in the folder
> %windir%\WinSxS\... in Windows XP (and Win2k3 Server). This is system
> protected files that you will not be able to replace, and it is not
> necessary either, the system will force all applications to use the
> latest version anyway (that you have updated with the hotfix for WinXP
> in the MS04-028 bulletin).
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
Top

Re: MS04-028 Clarification needed by Torgeir

Torgeir
Fri Sep 17 04:03:40 CDT 2004

Henrik Zawischa wrote:

> If I get you right,you are saying gdiplus.dlls version 5.0.x.x
> are not affected. Is this true?
Hi

No, that was now what I meant. I have no idea if v5.0.x.x are affected.

Where/what applications have you found a v5.0.x.x?


You could try to replace the v5.0.x.x version(s) with v5.1.3102.1360
and then test that the application(s) still work fine.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Top

RE: MS04-028 Clarification needed by HenrikZawischa

HenrikZawischa
Thu Sep 16 08:47:03 CDT 2004

In %SYSTEMROOT%\WinSXS the GDIPlus.dll is not replaced. New subfolders are
created and the old versions are kept. What consequence does that have?

"Henrik Zawischa" wrote:

> Hi,
> I need a clarification concerning the affected products.
>
> If the following is true:
> Affected are all products that use
> Gdiplus.dll prior to version 5.1.3102.1355, Mso.dll prior to version
> 10.0.6714.0 or Vgx.dll prior to version 6.0.2800.1411.
>
> Then IE 5 is affected too, in contradiction to the bulletin. I used my SMS
> software inventory and found vgx.dll version 5.00.3014.1003 on the IE 5
> systems.
>
> I found a gdiplus.dll version 5.1.3102.1229 in a Microsoft Works folder.
> Does that mean Works must be patched, too?
>
> What I'd need is a clear statement as to which dlls are affected in which
> versions.
>
> Thank you
>
> Henrik Zawischa
>
>
Top