Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Patch Watch>Windows GDI+ update prevents Web-image attacks

Windows GDI+ update prevents Web-image attacks
Tweet

Susan bradley By Susan Bradley

All versions of Windows XP and Vista have been found to be susceptible to infected image files in software and on Web sites, Microsoft announced on Patch Tuesday.

The fix Microsoft released this week for XP and Vista is also needed by the .NET Framework, MS Office versions from XP to 2007, Works 8.5, and Forefront Client Security.

MS09-062 (957488)
GDI+ glitch is a plus-sized headache

Microsoft released on Patch Tuesday more patches than ever before in a single week. I’ll let you decide whether that’s the good news or the bad news.

This week’s 13 separate security updates address 34 different vulnerabilities. Many of the security flaws affect all versions of Windows XP and Vista — and, in a couple of instances, Windows 7 as well. Topping the list of critical patches is MS09-062 (957488), which plugs a hole in Windows’ GDI+ graphics-rendering engine.

Without the patch, your system could become infected simply by opening an infected image in a software program or on a Web site. Microsoft Knowledge Base article 957488 lists the many products affected by this vulnerability:

  • The update for Windows XP, Vista, and Server 2003 and 2008 is described in KB article 958869.

  • .NET is covered in KB 971108, 971110, and 971111.

    This article is part of our paid content. Subscribe.

    Already a paid subscriber? Click here to login.

    Related posts:

    1. New Web-based attacks target Windows Media holes
    2. Stealth Windows update prevents XP repair
    3. One quick trick prevents AutoRun attacks
    4. Expect attacks via latest Windows security hole
    5. Heavy patch week to block Web-based attacks
= Paid content

All Windows Secrets articles posted on 2009-10-15:

  • Introduction Public deprived of WS site for two boring days
  • Top Story Press delete: the risk of outsourcing your data
  • Known Issues Tips for avoiding bogus ads in search results
  • Wacky Web Week Finally! An effective way to reduce traffic
  • LangaList Plus Remove a persistent Trojan once and for all
  • Best Software How to find out whether a file is infected
  • Patch Watch Windows GDI+ update prevents Web-image attacks
  •  Show all articles on a single page
Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.
View all posts by Susan Bradley →
E-books

We’ve pored through years of back issues, picking the best tips, to create these ebooks:

E-book series
  • PC Maintenance Guide
  • PC Security Guide
  • Windows 7 Guide Vol 1
  • Windows 7 Guide Vol 2
  • Win XP Survival Guide
See the e-book series
Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb