Guest denmarfl Posted August 26, 2008 Posted August 26, 2008 My Virus Scan reports a Microsoft High Risks Vulnerability and reports it as MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be honest, I have not determined what it is I must do to resolve this risks. I don't see a Security download, etc. What must I do to resolve this Risks?
Guest Gary S. Terhune Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 Here? http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx There are a TON of download links in that article. The article also has a TON of information about possible problems you may encounter, another KB article to tell you how to deal with those, etc. But different versions apply to different OSes and OS versions. First read the article ENTIRELY!! Check out the referenced KB833937 http://support.microsoft.com/default.aspx?scid=kb;en-us;833987 Go through the list that's provided very carefully and for each item that is listed that you have, install the associated version of the patch. And do it very carefully. What Virus Scan are you using and does it report which application it is that requires the update? I presume you're up to date at Windows Update, or at least running SP2, which means it isn't Windows itself, so it must be some other app. -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:FA24F314-3C22-42B5-A198-B06E15B1A4D5@microsoft.com... > My Virus Scan reports a Microsoft High Risks Vulnerability and reports it > as > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > honest, I have not determined what it is I must do to resolve this risks. > I > don't see a Security download, etc. > > What must I do to resolve this Risks?
Guest PA Bear [MS MVP] Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 Does Windows Update offer the machine MS04-028 (KB833987)? If not, you don't need to install it. Check with your AV app's tech support. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ denmarfl wrote: > My Virus Scan reports a Microsoft High Risks Vulnerability and reports it > as > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > honest, I have not determined what it is I must do to resolve this risks. > I > don't see a Security download, etc. > > What must I do to resolve this Risks?
Guest Gary S. Terhune Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 Doh! Isn't this what the often repeated Update "Microsoft GDI+ Detection Tool" is all about? http://support.microsoft.com/kb/873374 WU offers it to you every so often, though I don't know the logic behind its timing. But if you have any other MS apps than Windows, it's a good idea to upgrade WU to Microsoft Update. Sorry, "denmarfl", I gave you the long way. Probably much simpler to run the above Detection Tool. -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:OVKDewzBJHA.2712@TK2MSFTNGP06.phx.gbl... > Does Windows Update offer the machine MS04-028 (KB833987)? If not, you > don't need to install it. Check with your AV app's tech support. > -- > ~Robear Dyer (PA Bear) > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > AumHa VSOP & Admin http://aumha.net > DTS-L http://dts-l.net/ > > denmarfl wrote: >> My Virus Scan reports a Microsoft High Risks Vulnerability and reports it >> as >> MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be >> honest, I have not determined what it is I must do to resolve this risks. >> I >> don't see a Security download, etc. >> >> What must I do to resolve this Risks? >
Guest Anteaus Posted August 26, 2008 Posted August 26, 2008 RE: MS04-028 Running WindowsXP SP3 Might also add that virus scanner wouldn't normally report a vulnerability in the OS, its job is to find malware. This might be the case with 'security suite' apps I guess. "denmarfl" wrote: > My Virus Scan reports a Microsoft High Risks Vulnerability and reports it as > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > honest, I have not determined what it is I must do to resolve this risks. I > don't see a Security download, etc. > > What must I do to resolve this Risks?
Guest denmarfl Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 AV is PcCllin. I contacted them they advised Microsoft provides the information regarding Vulnerability criteria....and they referred me to Microsoft. The information available for MS04-028 is massive and quite honestly intimidating as you try to review it. Surely there must be an easy way to get to the bottom of this alert and resolve the issue(s). Is there? "PA Bear [MS MVP]" wrote: > Does Windows Update offer the machine MS04-028 (KB833987)? If not, you > don't need to install it. Check with your AV app's tech support. > -- > ~Robear Dyer (PA Bear) > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > AumHa VSOP & Admin http://aumha.net > DTS-L http://dts-l.net/ > > denmarfl wrote: > > My Virus Scan reports a Microsoft High Risks Vulnerability and reports it > > as > > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > > honest, I have not determined what it is I must do to resolve this risks. > > I > > don't see a Security download, etc. > > > > What must I do to resolve this Risks? > >
Guest PA Bear [MS MVP] Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 Please state your full Windows version (e.g., WinXP SP3). Repost: >> Does Windows Update offer the machine MS04-028 (KB833987)? See GAry's reply. denmarfl wrote: > AV is PcCllin. I contacted them they advised Microsoft provides the > information regarding Vulnerability criteria....and they referred me to > Microsoft. The information available for MS04-028 is massive and quite > honestly intimidating as you try to review it. Surely there must be an > easy > way to get to the bottom of this alert and resolve the issue(s). Is > there? > > "PA Bear [MS MVP]" wrote: >> Does Windows Update offer the machine MS04-028 (KB833987)? If not, you >> don't need to install it. Check with your AV app's tech support. >> -- >> ~Robear Dyer (PA Bear) >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >> AumHa VSOP & Admin http://aumha.net >> DTS-L http://dts-l.net/ >> >> denmarfl wrote: >>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports >>> it >>> as >>> MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be >>> honest, I have not determined what it is I must do to resolve this >>> risks. >>> I don't see a Security download, etc. >>> >>> What must I do to resolve this Risks?
Guest denmarfl Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 Looking at "System Properities": Microsoft WindowsXP Home Edition Version 2002 Service Pack 3 When I run Windows Update it shows Current. I ran Express and Custom, Custom showed a few Windows Updates, none were KB833987 I Printed out all 24 pages of Windows Update History, and I did not see KB833987 "PA Bear [MS MVP]" wrote: > Please state your full Windows version (e.g., WinXP SP3). > > Repost: > >> Does Windows Update offer the machine MS04-028 (KB833987)? > > See GAry's reply. > > denmarfl wrote: > > AV is PcCllin. I contacted them they advised Microsoft provides the > > information regarding Vulnerability criteria....and they referred me to > > Microsoft. The information available for MS04-028 is massive and quite > > honestly intimidating as you try to review it. Surely there must be an > > easy > > way to get to the bottom of this alert and resolve the issue(s). Is > > there? > > > > "PA Bear [MS MVP]" wrote: > >> Does Windows Update offer the machine MS04-028 (KB833987)? If not, you > >> don't need to install it. Check with your AV app's tech support. > >> -- > >> ~Robear Dyer (PA Bear) > >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > >> AumHa VSOP & Admin http://aumha.net > >> DTS-L http://dts-l.net/ > >> > >> denmarfl wrote: > >>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports > >>> it > >>> as > >>> MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > >>> honest, I have not determined what it is I must do to resolve this > >>> risks. > >>> I don't see a Security download, etc. > >>> > >>> What must I do to resolve this Risks? > >
Guest Gary S. Terhune Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 As PA, suggested, see second post (in reply to PA), for links to the tool that Windows Update offers up when it thinks you need it. That tool can be downloaded separately from: http://www.microsoft.com/downloads/details.aspx?FamilyId=71CD9E74-7142-4780-83E5-CE54401DA1D1&displaylang=en TinyURL for above link is http://tinyurl.com/5poq2s That tool inspects your system for any app that is vulnerable and needs the patch. Also, if you have other Microsoft products installed (Office and related apps are what I'm thinking of), have you upgraded Windows Update to Microsoft Update? -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:78686A09-FB63-4D30-9DC4-B41AAB06AD2B@microsoft.com... > AV is PcCllin. I contacted them they advised Microsoft provides the > information regarding Vulnerability criteria....and they referred me to > Microsoft. The information available for MS04-028 is massive and quite > honestly intimidating as you try to review it. Surely there must be an > easy > way to get to the bottom of this alert and resolve the issue(s). Is > there? > > "PA Bear [MS MVP]" wrote: > >> Does Windows Update offer the machine MS04-028 (KB833987)? If not, you >> don't need to install it. Check with your AV app's tech support. >> -- >> ~Robear Dyer (PA Bear) >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >> AumHa VSOP & Admin http://aumha.net >> DTS-L http://dts-l.net/ >> >> denmarfl wrote: >> > My Virus Scan reports a Microsoft High Risks Vulnerability and reports >> > it >> > as >> > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to >> > be >> > honest, I have not determined what it is I must do to resolve this >> > risks. >> > I >> > don't see a Security download, etc. >> > >> > What must I do to resolve this Risks? >> >>
Guest Gary S. Terhune Posted August 26, 2008 Posted August 26, 2008 Re: MS04-028 Running WindowsXP SP3 It's listed in my MU History as GDI+ Tool (KB873374) However, if it is listed in any file on my system except the printout from MU history online, it's in a different language (computer language) and not readable as plain text (unless there are translators for such things, I don't know.) In any case, it is downloaded, immediately runs, then disappears itself. No trace remains except in the History. Note that I downloaded and ran the GDI+ Detection Tool just now, and while it told me that I have software installed that MAY be vulnerable, it does not identify the app and simply provides instructions to use Windows Update and Office Update (or Microsoft Update, which includes both) to check to see that the proper patches have been installed. In my case, the only vulnerable item I had was Office XP, and while the MS04-028 update doesn't appear in the History, I presume it was subsumed into a later Update. All I know is that none of the Update sites offers the patch and it isn't listed in my WU history. So, I downloaded the patch suggested for Office XP SP3 http://www.microsoft.com/downloads/details.aspx?FamilyId=7D128614-6D34-49DF-8D63-6C17E9A2D312&displaylang=en and ran it, first the full version, which simply prompted Office Setup, so I clicked OK and downloaded the client version and it gave me a message that the patch had already been installed or had been included in a later update. It still does not appear to be listed in my system anywhere, so I presume the latter. However I don't feel like investigating that possibility (list all the subsequent patches and then find out what's in them.) In case you're curious, this XP SP2 (now SP3) system was installed at the end of January, 2007, and Office XP w/ FrontPage a month later. They were immediately updated using Microsoft Update and kept up to date. So, as PA Bear says, your best recourse is to simply see if Windows Update, Office Update or Microsoft Update offer any of the MS04-028 patches. Or you can do what I did and apply any version that applies to any app you have that's listed in MS04-028 and see what happens. Maybe your AV simply ran the equivalent (or the very same) GDI+ Detection tool and got the same message I did -- you have apps or OS installed that MAY be susceptible and you should make sure you're up to date. Windows, Office and/or Microsoft Update will tell you if any patch is needed. -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:7F2A9641-57B7-4143-B6E6-6A928A2F027B@microsoft.com... > Looking at "System Properities": > Microsoft WindowsXP > Home Edition > Version 2002 Service Pack 3 > > When I run Windows Update it shows Current. I ran Express and Custom, > Custom showed a few Windows Updates, none were KB833987 > > I Printed out all 24 pages of Windows Update History, and I did not see > KB833987 > > "PA Bear [MS MVP]" wrote: > >> Please state your full Windows version (e.g., WinXP SP3). >> >> Repost: >> >> Does Windows Update offer the machine MS04-028 (KB833987)? >> >> See GAry's reply. >> >> denmarfl wrote: >> > AV is PcCllin. I contacted them they advised Microsoft provides the >> > information regarding Vulnerability criteria....and they referred me to >> > Microsoft. The information available for MS04-028 is massive and quite >> > honestly intimidating as you try to review it. Surely there must be an >> > easy >> > way to get to the bottom of this alert and resolve the issue(s). Is >> > there? >> > >> > "PA Bear [MS MVP]" wrote: >> >> Does Windows Update offer the machine MS04-028 (KB833987)? If not, >> >> you >> >> don't need to install it. Check with your AV app's tech support. >> >> -- >> >> ~Robear Dyer (PA Bear) >> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >> >> AumHa VSOP & Admin http://aumha.net >> >> DTS-L http://dts-l.net/ >> >> >> >> denmarfl wrote: >> >>> My Virus Scan reports a Microsoft High Risks Vulnerability and >> >>> reports >> >>> it >> >>> as >> >>> MS04-028. I have done a seach at Microsoft.com for MS04-028...and to >> >>> be >> >>> honest, I have not determined what it is I must do to resolve this >> >>> risks. >> >>> I don't see a Security download, etc. >> >>> >> >>> What must I do to resolve this Risks? >> >>
Guest PA Bear [MS MVP] Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 This fix was included in WinXP SP2 when it was released; therefore it's included by default in SP3; cf. Non-Affected Software section of http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx. However, several versions of other MS applications are listed in Affected Software section of MS04-028, including MS Office. If you have these applications installed and your default update source is Microsoft Update (vs Windows Update*), you should be OK. Otherwise, check in at Office Update ASAP: http://office.microsoft.com/officeupdate/ ==================== * Microsoft Update offers updates for Windows, Office, and many Windows Live applications. -- ~PA Bear denmarfl wrote: > Looking at "System Properities": > Microsoft WindowsXP > Home Edition > Version 2002 Service Pack 3 > > When I run Windows Update it shows Current. I ran Express and Custom, > Custom showed a few Windows Updates, none were KB833987 > > I Printed out all 24 pages of Windows Update History, and I did not see > KB833987 > > "PA Bear [MS MVP]" wrote: > >> Please state your full Windows version (e.g., WinXP SP3). >> >> Repost: >>>> Does Windows Update offer the machine MS04-028 (KB833987)? >> >> See GAry's reply. >> >> denmarfl wrote: >>> AV is PcCllin. I contacted them they advised Microsoft provides the >>> information regarding Vulnerability criteria....and they referred me to >>> Microsoft. The information available for MS04-028 is massive and quite >>> honestly intimidating as you try to review it. Surely there must be an >>> easy >>> way to get to the bottom of this alert and resolve the issue(s). Is >>> there? >>> >>> "PA Bear [MS MVP]" wrote: >>>> Does Windows Update offer the machine MS04-028 (KB833987)? If not, you >>>> don't need to install it. Check with your AV app's tech support. >>>> -- >>>> ~Robear Dyer (PA Bear) >>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >>>> AumHa VSOP & Admin http://aumha.net >>>> DTS-L http://dts-l.net/ >>>> >>>> denmarfl wrote: >>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports >>>>> it >>>>> as >>>>> MS04-028. I have done a seach at Microsoft.com for MS04-028...and to >>>>> be >>>>> honest, I have not determined what it is I must do to resolve this >>>>> risks. >>>>> I don't see a Security download, etc. >>>>> >>>>> What must I do to resolve this Risks?
Guest denmarfl Posted August 27, 2008 Posted August 27, 2008 RE: MS04-028 Running WindowsXP SP3 I am using PcCillin Internet Security....and I totally understand your response. However, I use this same AV Software on other PC's and over the years this vulnerability Scan\Alert on other PC's has proven itself reliable every time it has reported a vulnerability. Speaking with the techs at PcCillin they advise this part of their AV Software is actually designed and built using Microsoft vulnerability specs. It is unfortunate that when a vulnerability is discovered that they are unable to assist because it is a Microsoft issue. "Anteaus" wrote: > Might also add that virus scanner wouldn't normally report a vulnerability in > the OS, its job is to find malware. This might be the case with 'security > suite' apps I guess. > > "denmarfl" wrote: > > > My Virus Scan reports a Microsoft High Risks Vulnerability and reports it as > > MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be > > honest, I have not determined what it is I must do to resolve this risks. I > > don't see a Security download, etc. > > > > What must I do to resolve this Risks?
Guest PA Bear [MS MVP] Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 It all depends on where this supposed vulnerability was detected (e.g., in System Volume Information; in an email). denmarfl wrote: > I am using PcCillin Internet Security....and I totally understand your > response. However, I use this same AV Software on other PC's and over the > years this vulnerability Scan\Alert on other PC's has proven itself > reliable > every time it has reported a vulnerability. Speaking with the techs at > PcCillin they advise this part of their AV Software is actually designed > and > built using Microsoft vulnerability specs. It is unfortunate that when > a > vulnerability is discovered that they are unable to assist because it is a > Microsoft issue. > > "Anteaus" wrote: > >> Might also add that virus scanner wouldn't normally report a >> vulnerability >> in the OS, its job is to find malware. This might be the case with >> 'security suite' apps I guess. >> >> "denmarfl" wrote: >> >>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports >>> it >>> as MS04-028. I have done a seach at Microsoft.com for MS04-028...and to >>> be honest, I have not determined what it is I must do to resolve this >>> risks. I don't see a Security download, etc. >>> >>> What must I do to resolve this Risks?
Guest denmarfl Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 I ran Windows Update and Microsoft Update...I went to Microsoft Office and ran the update as well at that site....all came back showing my updates were current. Does Mirosoft make anything that is easy? I downloaded and ran the gdidettool, it showed "The Software tool has detected that you are running Microsoft software that may contain a security vulnerability. There are security updates available from Microsoft that fix rhis security vulnerability. Would you like to learn more about the security vulnerability as well as the necessary security updates that address it?...." The Word doscument that opens that I thought was going to point me to the needed security updates was not of much help. It basically advised to run the Windows\Microsoft\Office Updates. The Word Document did read "How to update your computer with the JPEG processing (GDI+) security update". I really don't know to do next? I was hoping Specific Security Updates would be shown that if downloaded and installed would fix the problem....MS04-028 Will appreciate any assistance you can provide "PA Bear [MS MVP]" wrote: > It all depends on where this supposed vulnerability was detected (e.g., in > System Volume Information; in an email). > > denmarfl wrote: > > I am using PcCillin Internet Security....and I totally understand your > > response. However, I use this same AV Software on other PC's and over the > > years this vulnerability Scan\Alert on other PC's has proven itself > > reliable > > every time it has reported a vulnerability. Speaking with the techs at > > PcCillin they advise this part of their AV Software is actually designed > > and > > built using Microsoft vulnerability specs. It is unfortunate that when > > a > > vulnerability is discovered that they are unable to assist because it is a > > Microsoft issue. > > > > "Anteaus" wrote: > > > >> Might also add that virus scanner wouldn't normally report a > >> vulnerability > >> in the OS, its job is to find malware. This might be the case with > >> 'security suite' apps I guess. > >> > >> "denmarfl" wrote: > >> > >>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports > >>> it > >>> as MS04-028. I have done a seach at Microsoft.com for MS04-028...and to > >>> be honest, I have not determined what it is I must do to resolve this > >>> risks. I don't see a Security download, etc. > >>> > >>> What must I do to resolve this Risks? > >
Guest PA Bear [MS MVP] Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 Free unlimited installation and compatibility support is available for Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and e-mail support is available only in the United States and Canada. Go to http://support.microsoft.com/oas/default.aspx?gprid=1173 | select Windows XP | select Windows XP Service Pack 3 -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ denmarfl wrote: > I ran Windows Update and Microsoft Update...I went to Microsoft Office and > ran the update as well at that site....all came back showing my updates > were > current. > > Does Mirosoft make anything that is easy? I downloaded and ran the > gdidettool, it showed > > "The Software tool has detected that you are running Microsoft software > that may contain a security vulnerability. There are security updates > available from Microsoft that fix rhis security vulnerability. > Would you like to learn more about the security vulnerability as well as > the > necessary security updates that address it?...." > > > The Word doscument that opens that I thought was going to point me to the > needed security updates was not of much help. It basically advised to run > the Windows\Microsoft\Office Updates. > > The Word Document did read "How to update your computer with the JPEG > processing (GDI+) security update". > > I really don't know to do next? I was hoping Specific Security Updates > would be shown that if downloaded and installed would fix the > problem....MS04-028 > > Will appreciate any assistance you can provide > > > "PA Bear [MS MVP]" wrote: > >> It all depends on where this supposed vulnerability was detected (e.g., >> in >> System Volume Information; in an email). >> >> denmarfl wrote: >>> I am using PcCillin Internet Security....and I totally understand your >>> response. However, I use this same AV Software on other PC's and over >>> the >>> years this vulnerability Scan\Alert on other PC's has proven itself >>> reliable >>> every time it has reported a vulnerability. Speaking with the techs at >>> PcCillin they advise this part of their AV Software is actually designed >>> and >>> built using Microsoft vulnerability specs. It is unfortunate that >>> when >>> a >>> vulnerability is discovered that they are unable to assist because it is >>> a >>> Microsoft issue. >>> >>> "Anteaus" wrote: >>> >>>> Might also add that virus scanner wouldn't normally report a >>>> vulnerability >>>> in the OS, its job is to find malware. This might be the case with >>>> 'security suite' apps I guess. >>>> >>>> "denmarfl" wrote: >>>> >>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and reports >>>>> it >>>>> as MS04-028. I have done a seach at Microsoft.com for MS04-028...and >>>>> to >>>>> be honest, I have not determined what it is I must do to resolve this >>>>> risks. I don't see a Security download, etc. >>>>> >>>>> What must I do to resolve this Risks?
Guest Gary S. Terhune Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 What problem? All you have given us is that PCCillin claims that some unnamed part of your system is (potentially?) vulnerable to the "High Risk" described in MS04-028. Is that the most detail you can provide? If you run the scan again, do you get the notice again? If so, please post the message here EXACTLY word for word. Because at this moment, the high-rollers are placing their bets on the system and any affected applications having already been patched, whether directly or as part of some other Update or as part of a Service Pack. In any case, I can't give you more advice than I already have, particularly in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept that if you needed the patch it would be offered, or go through MS04-028 line by line and identify each and every item that is listed as potentially vulnerable, then download the patch listed for that app (using the consumer version) and run it. It will either install or it will tell you that it has already been installed. -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >I ran Windows Update and Microsoft Update...I went to Microsoft Office and > ran the update as well at that site....all came back showing my updates > were > current. > > Does Mirosoft make anything that is easy? I downloaded and ran the > gdidettool, it showed > > "The Software tool has detected that you are running Microsoft software > that may contain a security vulnerability. There are security updates > available from Microsoft that fix rhis security vulnerability. > Would you like to learn more about the security vulnerability as well as > the > necessary security updates that address it?...." > > > The Word doscument that opens that I thought was going to point me to the > needed security updates was not of much help. It basically advised to run > the Windows\Microsoft\Office Updates. > > The Word Document did read "How to update your computer with the JPEG > processing (GDI+) security update". > > I really don't know to do next? I was hoping Specific Security Updates > would be shown that if downloaded and installed would fix the > problem....MS04-028 > > Will appreciate any assistance you can provide > > > "PA Bear [MS MVP]" wrote: > >> It all depends on where this supposed vulnerability was detected (e.g., >> in >> System Volume Information; in an email). >> >> denmarfl wrote: >> > I am using PcCillin Internet Security....and I totally understand your >> > response. However, I use this same AV Software on other PC's and over >> > the >> > years this vulnerability Scan\Alert on other PC's has proven itself >> > reliable >> > every time it has reported a vulnerability. Speaking with the techs at >> > PcCillin they advise this part of their AV Software is actually >> > designed >> > and >> > built using Microsoft vulnerability specs. It is unfortunate that >> > when >> > a >> > vulnerability is discovered that they are unable to assist because it >> > is a >> > Microsoft issue. >> > >> > "Anteaus" wrote: >> > >> >> Might also add that virus scanner wouldn't normally report a >> >> vulnerability >> >> in the OS, its job is to find malware. This might be the case with >> >> 'security suite' apps I guess. >> >> >> >> "denmarfl" wrote: >> >> >> >>> My Virus Scan reports a Microsoft High Risks Vulnerability and >> >>> reports >> >>> it >> >>> as MS04-028. I have done a seach at Microsoft.com for MS04-028...and >> >>> to >> >>> be honest, I have not determined what it is I must do to resolve this >> >>> risks. I don't see a Security download, etc. >> >>> >> >>> What must I do to resolve this Risks? >> >>
Guest denmarfl Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 I took the same steps you followed downloading the both patches; the 1st simply appeared as a Modify\Repair\uninstall for Office. When I ran the client downlad I got the same message as you got. I ran the scan again, the only info provided is 1 Vulnerbility Found and it shows MS04-028...I wish there was more but there is Not. This is what I was referring to when I wrote, Microsoft does not make it easy....... "Gary S. Terhune" wrote: > What problem? All you have given us is that PCCillin claims that some > unnamed part of your system is (potentially?) vulnerable to the "High Risk" > described in MS04-028. Is that the most detail you can provide? If you run > the scan again, do you get the notice again? If so, please post the message > here EXACTLY word for word. Because at this moment, the high-rollers are > placing their bets on the system and any affected applications having > already been patched, whether directly or as part of some other Update or as > part of a Service Pack. > > In any case, I can't give you more advice than I already have, particularly > in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept that > if you needed the patch it would be offered, or go through MS04-028 line by > line and identify each and every item that is listed as potentially > vulnerable, then download the patch listed for that app (using the consumer > version) and run it. It will either install or it will tell you that it has > already been installed. > > -- > Gary S. Terhune > MS-MVP Shell/User > http://grystmill.com > > "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message > news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... > >I ran Windows Update and Microsoft Update...I went to Microsoft Office and > > ran the update as well at that site....all came back showing my updates > > were > > current. > > > > Does Mirosoft make anything that is easy? I downloaded and ran the > > gdidettool, it showed > > > > "The Software tool has detected that you are running Microsoft software > > that may contain a security vulnerability. There are security updates > > available from Microsoft that fix rhis security vulnerability. > > Would you like to learn more about the security vulnerability as well as > > the > > necessary security updates that address it?...." > > > > > > The Word doscument that opens that I thought was going to point me to the > > needed security updates was not of much help. It basically advised to run > > the Windows\Microsoft\Office Updates. > > > > The Word Document did read "How to update your computer with the JPEG > > processing (GDI+) security update". > > > > I really don't know to do next? I was hoping Specific Security Updates > > would be shown that if downloaded and installed would fix the > > problem....MS04-028 > > > > Will appreciate any assistance you can provide > > > > > > "PA Bear [MS MVP]" wrote: > > > >> It all depends on where this supposed vulnerability was detected (e.g., > >> in > >> System Volume Information; in an email). > >> > >> denmarfl wrote: > >> > I am using PcCillin Internet Security....and I totally understand your > >> > response. However, I use this same AV Software on other PC's and over > >> > the > >> > years this vulnerability Scan\Alert on other PC's has proven itself > >> > reliable > >> > every time it has reported a vulnerability. Speaking with the techs at > >> > PcCillin they advise this part of their AV Software is actually > >> > designed > >> > and > >> > built using Microsoft vulnerability specs. It is unfortunate that > >> > when > >> > a > >> > vulnerability is discovered that they are unable to assist because it > >> > is a > >> > Microsoft issue. > >> > > >> > "Anteaus" wrote: > >> > > >> >> Might also add that virus scanner wouldn't normally report a > >> >> vulnerability > >> >> in the OS, its job is to find malware. This might be the case with > >> >> 'security suite' apps I guess. > >> >> > >> >> "denmarfl" wrote: > >> >> > >> >>> My Virus Scan reports a Microsoft High Risks Vulnerability and > >> >>> reports > >> >>> it > >> >>> as MS04-028. I have done a seach at Microsoft.com for MS04-028...and > >> >>> to > >> >>> be honest, I have not determined what it is I must do to resolve this > >> >>> risks. I don't see a Security download, etc. > >> >>> > >> >>> What must I do to resolve this Risks? > >> > >> > > >
Guest PA Bear [MS MVP] Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 Again, *where* (e.g., in what file and/or folder) is this supposed vulnerability located? denmarfl wrote: > I took the same steps you followed downloading the both patches; the 1st > simply appeared as a Modify\Repair\uninstall for Office. When I ran the > client downlad I got the same message as you got. > > I ran the scan again, the only info provided is 1 Vulnerbility Found and > it > shows MS04-028...I wish there was more but there is Not. > > This is what I was referring to when I wrote, Microsoft does not make it > easy....... > > "Gary S. Terhune" wrote: > >> What problem? All you have given us is that PCCillin claims that some >> unnamed part of your system is (potentially?) vulnerable to the "High >> Risk" >> described in MS04-028. Is that the most detail you can provide? If you >> run >> the scan again, do you get the notice again? If so, please post the >> message >> here EXACTLY word for word. Because at this moment, the high-rollers are >> placing their bets on the system and any affected applications having >> already been patched, whether directly or as part of some other Update or >> as part of a Service Pack. >> >> In any case, I can't give you more advice than I already have, >> particularly >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept >> that >> if you needed the patch it would be offered, or go through MS04-028 line >> by >> line and identify each and every item that is listed as potentially >> vulnerable, then download the patch listed for that app (using the >> consumer >> version) and run it. It will either install or it will tell you that it >> has >> already been installed. >> >> -- >> Gary S. Terhune >> MS-MVP Shell/User >> http://grystmill.com >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >>> I ran Windows Update and Microsoft Update...I went to Microsoft Office >>> and >>> ran the update as well at that site....all came back showing my updates >>> were >>> current. >>> >>> Does Mirosoft make anything that is easy? I downloaded and ran the >>> gdidettool, it showed >>> >>> "The Software tool has detected that you are running Microsoft software >>> that may contain a security vulnerability. There are security updates >>> available from Microsoft that fix rhis security vulnerability. >>> Would you like to learn more about the security vulnerability as well as >>> the >>> necessary security updates that address it?...." >>> >>> >>> The Word doscument that opens that I thought was going to point me to >>> the >>> needed security updates was not of much help. It basically advised to >>> run >>> the Windows\Microsoft\Office Updates. >>> >>> The Word Document did read "How to update your computer with the JPEG >>> processing (GDI+) security update". >>> >>> I really don't know to do next? I was hoping Specific Security Updates >>> would be shown that if downloaded and installed would fix the >>> problem....MS04-028 >>> >>> Will appreciate any assistance you can provide >>> >>> >>> "PA Bear [MS MVP]" wrote: >>> >>>> It all depends on where this supposed vulnerability was detected (e.g., >>>> in >>>> System Volume Information; in an email). >>>> >>>> denmarfl wrote: >>>>> I am using PcCillin Internet Security....and I totally understand your >>>>> response. However, I use this same AV Software on other PC's and over >>>>> the >>>>> years this vulnerability Scan\Alert on other PC's has proven itself >>>>> reliable >>>>> every time it has reported a vulnerability. Speaking with the techs >>>>> at >>>>> PcCillin they advise this part of their AV Software is actually >>>>> designed >>>>> and >>>>> built using Microsoft vulnerability specs. It is unfortunate that >>>>> when >>>>> a >>>>> vulnerability is discovered that they are unable to assist because it >>>>> is a >>>>> Microsoft issue. >>>>> >>>>> "Anteaus" wrote: >>>>> >>>>>> Might also add that virus scanner wouldn't normally report a >>>>>> vulnerability >>>>>> in the OS, its job is to find malware. This might be the case with >>>>>> 'security suite' apps I guess. >>>>>> >>>>>> "denmarfl" wrote: >>>>>> >>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and >>>>>>> reports >>>>>>> it >>>>>>> as MS04-028. I have done a seach at Microsoft.com for >>>>>>> MS04-028...and >>>>>>> to >>>>>>> be honest, I have not determined what it is I must do to resolve >>>>>>> this >>>>>>> risks. I don't see a Security download, etc. >>>>>>> >>>>>>> What must I do to resolve this Risks?
Guest Gary S. Terhune Posted August 27, 2008 Posted August 27, 2008 Re: MS04-028 Running WindowsXP SP3 Why do you blame Microsoft when the problem is obviously PCCillan's ignorant and/or inadequately detailed findings? I have no problem with MS04-028, though it *is* one of the more complicated articles they ever produced due to the number of OSes and applications that are affected and the number of *different* patches that apply, depending on which OS or application, which version and which SP, are involved. But while the issue is complicated, Microsoft makes it clear in many places that what you do for this "problem" is go to Windows, Office, or Microsoft Update and if the appropriate patch is offered install it. Otherwise, assume it's been installed. If you don't like making that kind of assumption, then do as I say and go through the whole list and check manually for full compliance. Personally, having had plenty of experience with Trend Micro, both PC-cillin and enterprise versions, my opinion of their tech support is almost as low as you can go. I would suggest that you call them back and tell them that this Microsoft MVP thinks they have a false positive on their hands, or an inadequate explanation of the finding, and that they ought to figure it out immediately and explain it to your satisfaction, or you're switching to a different vendor. I recommend Avast!. Heck, it's even free. -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:C50B970D-91EA-4326-B6A4-2016F36C148A@microsoft.com... >I took the same steps you followed downloading the both patches; the 1st > simply appeared as a Modify\Repair\uninstall for Office. When I ran the > client downlad I got the same message as you got. > > I ran the scan again, the only info provided is 1 Vulnerbility Found and > it > shows MS04-028...I wish there was more but there is Not. > > This is what I was referring to when I wrote, Microsoft does not make it > easy....... > > "Gary S. Terhune" wrote: > >> What problem? All you have given us is that PCCillin claims that some >> unnamed part of your system is (potentially?) vulnerable to the "High >> Risk" >> described in MS04-028. Is that the most detail you can provide? If you >> run >> the scan again, do you get the notice again? If so, please post the >> message >> here EXACTLY word for word. Because at this moment, the high-rollers are >> placing their bets on the system and any affected applications having >> already been patched, whether directly or as part of some other Update or >> as >> part of a Service Pack. >> >> In any case, I can't give you more advice than I already have, >> particularly >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept >> that >> if you needed the patch it would be offered, or go through MS04-028 line >> by >> line and identify each and every item that is listed as potentially >> vulnerable, then download the patch listed for that app (using the >> consumer >> version) and run it. It will either install or it will tell you that it >> has >> already been installed. >> >> -- >> Gary S. Terhune >> MS-MVP Shell/User >> http://grystmill.com >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >> >I ran Windows Update and Microsoft Update...I went to Microsoft Office >> >and >> > ran the update as well at that site....all came back showing my updates >> > were >> > current. >> > >> > Does Mirosoft make anything that is easy? I downloaded and ran the >> > gdidettool, it showed >> > >> > "The Software tool has detected that you are running Microsoft software >> > that may contain a security vulnerability. There are security updates >> > available from Microsoft that fix rhis security vulnerability. >> > Would you like to learn more about the security vulnerability as well >> > as >> > the >> > necessary security updates that address it?...." >> > >> > >> > The Word doscument that opens that I thought was going to point me to >> > the >> > needed security updates was not of much help. It basically advised to >> > run >> > the Windows\Microsoft\Office Updates. >> > >> > The Word Document did read "How to update your computer with the JPEG >> > processing (GDI+) security update". >> > >> > I really don't know to do next? I was hoping Specific Security Updates >> > would be shown that if downloaded and installed would fix the >> > problem....MS04-028 >> > >> > Will appreciate any assistance you can provide >> > >> > >> > "PA Bear [MS MVP]" wrote: >> > >> >> It all depends on where this supposed vulnerability was detected >> >> (e.g., >> >> in >> >> System Volume Information; in an email). >> >> >> >> denmarfl wrote: >> >> > I am using PcCillin Internet Security....and I totally understand >> >> > your >> >> > response. However, I use this same AV Software on other PC's and >> >> > over >> >> > the >> >> > years this vulnerability Scan\Alert on other PC's has proven itself >> >> > reliable >> >> > every time it has reported a vulnerability. Speaking with the techs >> >> > at >> >> > PcCillin they advise this part of their AV Software is actually >> >> > designed >> >> > and >> >> > built using Microsoft vulnerability specs. It is unfortunate that >> >> > when >> >> > a >> >> > vulnerability is discovered that they are unable to assist because >> >> > it >> >> > is a >> >> > Microsoft issue. >> >> > >> >> > "Anteaus" wrote: >> >> > >> >> >> Might also add that virus scanner wouldn't normally report a >> >> >> vulnerability >> >> >> in the OS, its job is to find malware. This might be the case with >> >> >> 'security suite' apps I guess. >> >> >> >> >> >> "denmarfl" wrote: >> >> >> >> >> >>> My Virus Scan reports a Microsoft High Risks Vulnerability and >> >> >>> reports >> >> >>> it >> >> >>> as MS04-028. I have done a seach at Microsoft.com for >> >> >>> MS04-028...and >> >> >>> to >> >> >>> be honest, I have not determined what it is I must do to resolve >> >> >>> this >> >> >>> risks. I don't see a Security download, etc. >> >> >>> >> >> >>> What must I do to resolve this Risks? >> >> >> >> >> >> >>
Guest denmarfl Posted August 28, 2008 Posted August 28, 2008 Re: MS04-028 Running WindowsXP SP3 I wish I could answer the question. The AV only reports "1 Vulnerbility Found and reports it as MS04-028" (Nothing more). When I ran the Microsoft Tool, it merely reported "The Software tool has detected that you are running Microsoft software that may contain a security vulnerability". Neither shows anymore information than what I have written. Sure would be nice if they did..... "PA Bear [MS MVP]" wrote: > Again, *where* (e.g., in what file and/or folder) is this supposed > vulnerability located? > > denmarfl wrote: > > I took the same steps you followed downloading the both patches; the 1st > > simply appeared as a Modify\Repair\uninstall for Office. When I ran the > > client downlad I got the same message as you got. > > > > I ran the scan again, the only info provided is 1 Vulnerbility Found and > > it > > shows MS04-028...I wish there was more but there is Not. > > > > This is what I was referring to when I wrote, Microsoft does not make it > > easy....... > > > > "Gary S. Terhune" wrote: > > > >> What problem? All you have given us is that PCCillin claims that some > >> unnamed part of your system is (potentially?) vulnerable to the "High > >> Risk" > >> described in MS04-028. Is that the most detail you can provide? If you > >> run > >> the scan again, do you get the notice again? If so, please post the > >> message > >> here EXACTLY word for word. Because at this moment, the high-rollers are > >> placing their bets on the system and any affected applications having > >> already been patched, whether directly or as part of some other Update or > >> as part of a Service Pack. > >> > >> In any case, I can't give you more advice than I already have, > >> particularly > >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept > >> that > >> if you needed the patch it would be offered, or go through MS04-028 line > >> by > >> line and identify each and every item that is listed as potentially > >> vulnerable, then download the patch listed for that app (using the > >> consumer > >> version) and run it. It will either install or it will tell you that it > >> has > >> already been installed. > >> > >> -- > >> Gary S. Terhune > >> MS-MVP Shell/User > >> http://grystmill.com > >> > >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message > >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... > >>> I ran Windows Update and Microsoft Update...I went to Microsoft Office > >>> and > >>> ran the update as well at that site....all came back showing my updates > >>> were > >>> current. > >>> > >>> Does Mirosoft make anything that is easy? I downloaded and ran the > >>> gdidettool, it showed > >>> > >>> "The Software tool has detected that you are running Microsoft software > >>> that may contain a security vulnerability. There are security updates > >>> available from Microsoft that fix rhis security vulnerability. > >>> Would you like to learn more about the security vulnerability as well as > >>> the > >>> necessary security updates that address it?...." > >>> > >>> > >>> The Word doscument that opens that I thought was going to point me to > >>> the > >>> needed security updates was not of much help. It basically advised to > >>> run > >>> the Windows\Microsoft\Office Updates. > >>> > >>> The Word Document did read "How to update your computer with the JPEG > >>> processing (GDI+) security update". > >>> > >>> I really don't know to do next? I was hoping Specific Security Updates > >>> would be shown that if downloaded and installed would fix the > >>> problem....MS04-028 > >>> > >>> Will appreciate any assistance you can provide > >>> > >>> > >>> "PA Bear [MS MVP]" wrote: > >>> > >>>> It all depends on where this supposed vulnerability was detected (e.g., > >>>> in > >>>> System Volume Information; in an email). > >>>> > >>>> denmarfl wrote: > >>>>> I am using PcCillin Internet Security....and I totally understand your > >>>>> response. However, I use this same AV Software on other PC's and over > >>>>> the > >>>>> years this vulnerability Scan\Alert on other PC's has proven itself > >>>>> reliable > >>>>> every time it has reported a vulnerability. Speaking with the techs > >>>>> at > >>>>> PcCillin they advise this part of their AV Software is actually > >>>>> designed > >>>>> and > >>>>> built using Microsoft vulnerability specs. It is unfortunate that > >>>>> when > >>>>> a > >>>>> vulnerability is discovered that they are unable to assist because it > >>>>> is a > >>>>> Microsoft issue. > >>>>> > >>>>> "Anteaus" wrote: > >>>>> > >>>>>> Might also add that virus scanner wouldn't normally report a > >>>>>> vulnerability > >>>>>> in the OS, its job is to find malware. This might be the case with > >>>>>> 'security suite' apps I guess. > >>>>>> > >>>>>> "denmarfl" wrote: > >>>>>> > >>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and > >>>>>>> reports > >>>>>>> it > >>>>>>> as MS04-028. I have done a seach at Microsoft.com for > >>>>>>> MS04-028...and > >>>>>>> to > >>>>>>> be honest, I have not determined what it is I must do to resolve > >>>>>>> this > >>>>>>> risks. I don't see a Security download, etc. > >>>>>>> > >>>>>>> What must I do to resolve this Risks? > >
Guest Gary S. Terhune Posted August 28, 2008 Posted August 28, 2008 Re: MS04-028 Running WindowsXP SP3 I don't know about the PC-Cillan warning, but the Microsoft tool tells you precisely what to do. The same thing PA, and eventually myself, told you: Go to Windows Update and/or Office Update (or get both at once with Microsoft Update.) If it isn't offered by any of the Update sites, it's already been patched. It's that simple. Downloading and running that patch even told you that you already have it installed, one way or another. Why is this so difficult to comprehend? -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:DCE5092F-70AA-4A2E-A559-8BE61B9F897E@microsoft.com... >I wish I could answer the question. The AV only reports "1 Vulnerbility > Found and reports it as MS04-028" (Nothing more). When I ran the > Microsoft > Tool, it merely reported "The Software tool has detected that you are > running > Microsoft software that may contain a security vulnerability". Neither > shows > anymore information than what I have written. Sure would be nice if they > did..... > > "PA Bear [MS MVP]" wrote: > >> Again, *where* (e.g., in what file and/or folder) is this supposed >> vulnerability located? >> >> denmarfl wrote: >> > I took the same steps you followed downloading the both patches; the >> > 1st >> > simply appeared as a Modify\Repair\uninstall for Office. When I ran >> > the >> > client downlad I got the same message as you got. >> > >> > I ran the scan again, the only info provided is 1 Vulnerbility Found >> > and >> > it >> > shows MS04-028...I wish there was more but there is Not. >> > >> > This is what I was referring to when I wrote, Microsoft does not make >> > it >> > easy....... >> > >> > "Gary S. Terhune" wrote: >> > >> >> What problem? All you have given us is that PCCillin claims that some >> >> unnamed part of your system is (potentially?) vulnerable to the "High >> >> Risk" >> >> described in MS04-028. Is that the most detail you can provide? If you >> >> run >> >> the scan again, do you get the notice again? If so, please post the >> >> message >> >> here EXACTLY word for word. Because at this moment, the high-rollers >> >> are >> >> placing their bets on the system and any affected applications having >> >> already been patched, whether directly or as part of some other Update >> >> or >> >> as part of a Service Pack. >> >> >> >> In any case, I can't give you more advice than I already have, >> >> particularly >> >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept >> >> that >> >> if you needed the patch it would be offered, or go through MS04-028 >> >> line >> >> by >> >> line and identify each and every item that is listed as potentially >> >> vulnerable, then download the patch listed for that app (using the >> >> consumer >> >> version) and run it. It will either install or it will tell you that >> >> it >> >> has >> >> already been installed. >> >> >> >> -- >> >> Gary S. Terhune >> >> MS-MVP Shell/User >> >> http://grystmill.com >> >> >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >> >>> I ran Windows Update and Microsoft Update...I went to Microsoft >> >>> Office >> >>> and >> >>> ran the update as well at that site....all came back showing my >> >>> updates >> >>> were >> >>> current. >> >>> >> >>> Does Mirosoft make anything that is easy? I downloaded and ran the >> >>> gdidettool, it showed >> >>> >> >>> "The Software tool has detected that you are running Microsoft >> >>> software >> >>> that may contain a security vulnerability. There are security >> >>> updates >> >>> available from Microsoft that fix rhis security vulnerability. >> >>> Would you like to learn more about the security vulnerability as well >> >>> as >> >>> the >> >>> necessary security updates that address it?...." >> >>> >> >>> >> >>> The Word doscument that opens that I thought was going to point me to >> >>> the >> >>> needed security updates was not of much help. It basically advised >> >>> to >> >>> run >> >>> the Windows\Microsoft\Office Updates. >> >>> >> >>> The Word Document did read "How to update your computer with the JPEG >> >>> processing (GDI+) security update". >> >>> >> >>> I really don't know to do next? I was hoping Specific Security >> >>> Updates >> >>> would be shown that if downloaded and installed would fix the >> >>> problem....MS04-028 >> >>> >> >>> Will appreciate any assistance you can provide >> >>> >> >>> >> >>> "PA Bear [MS MVP]" wrote: >> >>> >> >>>> It all depends on where this supposed vulnerability was detected >> >>>> (e.g., >> >>>> in >> >>>> System Volume Information; in an email). >> >>>> >> >>>> denmarfl wrote: >> >>>>> I am using PcCillin Internet Security....and I totally understand >> >>>>> your >> >>>>> response. However, I use this same AV Software on other PC's and >> >>>>> over >> >>>>> the >> >>>>> years this vulnerability Scan\Alert on other PC's has proven itself >> >>>>> reliable >> >>>>> every time it has reported a vulnerability. Speaking with the >> >>>>> techs >> >>>>> at >> >>>>> PcCillin they advise this part of their AV Software is actually >> >>>>> designed >> >>>>> and >> >>>>> built using Microsoft vulnerability specs. It is unfortunate >> >>>>> that >> >>>>> when >> >>>>> a >> >>>>> vulnerability is discovered that they are unable to assist because >> >>>>> it >> >>>>> is a >> >>>>> Microsoft issue. >> >>>>> >> >>>>> "Anteaus" wrote: >> >>>>> >> >>>>>> Might also add that virus scanner wouldn't normally report a >> >>>>>> vulnerability >> >>>>>> in the OS, its job is to find malware. This might be the case with >> >>>>>> 'security suite' apps I guess. >> >>>>>> >> >>>>>> "denmarfl" wrote: >> >>>>>> >> >>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and >> >>>>>>> reports >> >>>>>>> it >> >>>>>>> as MS04-028. I have done a seach at Microsoft.com for >> >>>>>>> MS04-028...and >> >>>>>>> to >> >>>>>>> be honest, I have not determined what it is I must do to resolve >> >>>>>>> this >> >>>>>>> risks. I don't see a Security download, etc. >> >>>>>>> >> >>>>>>> What must I do to resolve this Risks? >> >>
Guest denmarfl Posted August 28, 2008 Posted August 28, 2008 Re: MS04-028 Running WindowsXP SP3 Please understand I really do appreciate your assistance...but not everyone has the same knowledge and understanding that you have. It appears to me that the tools are providing contradictory results. The Microsoft tool agrees with the AV finding, a Vulnerability exists. When you run the patch it says it has already been installed advising whatever is lacking as to updates, has been patched and the problem is no longer. Now whereas I can accept that might be OK as to what the AV displays, that is, ignore the AV findings based on the Patch advices, I have a more difficult time accepting it based on the Microsoft Tool Findings, which is, a Vulnerability exists. Why would the Mocrosoft Detection tool on the one hand show a vulnerability and then on the other hand 9Patch) show the problem has been corrected with an already installed patch. Now to my level of knowledge, puting it in those terms, it is not comprehendable........ "Gary S. Terhune" wrote: > I don't know about the PC-Cillan warning, but the Microsoft tool tells you > precisely what to do. The same thing PA, and eventually myself, told you: Go > to Windows Update and/or Office Update (or get both at once with Microsoft > Update.) If it isn't offered by any of the Update sites, it's already been > patched. It's that simple. Downloading and running that patch even told you > that you already have it installed, one way or another. Why is this so > difficult to comprehend? > > -- > Gary S. Terhune > MS-MVP Shell/User > http://grystmill.com > > "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message > news:DCE5092F-70AA-4A2E-A559-8BE61B9F897E@microsoft.com... > >I wish I could answer the question. The AV only reports "1 Vulnerbility > > Found and reports it as MS04-028" (Nothing more). When I ran the > > Microsoft > > Tool, it merely reported "The Software tool has detected that you are > > running > > Microsoft software that may contain a security vulnerability". Neither > > shows > > anymore information than what I have written. Sure would be nice if they > > did..... > > > > "PA Bear [MS MVP]" wrote: > > > >> Again, *where* (e.g., in what file and/or folder) is this supposed > >> vulnerability located? > >> > >> denmarfl wrote: > >> > I took the same steps you followed downloading the both patches; the > >> > 1st > >> > simply appeared as a Modify\Repair\uninstall for Office. When I ran > >> > the > >> > client downlad I got the same message as you got. > >> > > >> > I ran the scan again, the only info provided is 1 Vulnerbility Found > >> > and > >> > it > >> > shows MS04-028...I wish there was more but there is Not. > >> > > >> > This is what I was referring to when I wrote, Microsoft does not make > >> > it > >> > easy....... > >> > > >> > "Gary S. Terhune" wrote: > >> > > >> >> What problem? All you have given us is that PCCillin claims that some > >> >> unnamed part of your system is (potentially?) vulnerable to the "High > >> >> Risk" > >> >> described in MS04-028. Is that the most detail you can provide? If you > >> >> run > >> >> the scan again, do you get the notice again? If so, please post the > >> >> message > >> >> here EXACTLY word for word. Because at this moment, the high-rollers > >> >> are > >> >> placing their bets on the system and any affected applications having > >> >> already been patched, whether directly or as part of some other Update > >> >> or > >> >> as part of a Service Pack. > >> >> > >> >> In any case, I can't give you more advice than I already have, > >> >> particularly > >> >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept > >> >> that > >> >> if you needed the patch it would be offered, or go through MS04-028 > >> >> line > >> >> by > >> >> line and identify each and every item that is listed as potentially > >> >> vulnerable, then download the patch listed for that app (using the > >> >> consumer > >> >> version) and run it. It will either install or it will tell you that > >> >> it > >> >> has > >> >> already been installed. > >> >> > >> >> -- > >> >> Gary S. Terhune > >> >> MS-MVP Shell/User > >> >> http://grystmill.com > >> >> > >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message > >> >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... > >> >>> I ran Windows Update and Microsoft Update...I went to Microsoft > >> >>> Office > >> >>> and > >> >>> ran the update as well at that site....all came back showing my > >> >>> updates > >> >>> were > >> >>> current. > >> >>> > >> >>> Does Mirosoft make anything that is easy? I downloaded and ran the > >> >>> gdidettool, it showed > >> >>> > >> >>> "The Software tool has detected that you are running Microsoft > >> >>> software > >> >>> that may contain a security vulnerability. There are security > >> >>> updates > >> >>> available from Microsoft that fix rhis security vulnerability. > >> >>> Would you like to learn more about the security vulnerability as well > >> >>> as > >> >>> the > >> >>> necessary security updates that address it?...." > >> >>> > >> >>> > >> >>> The Word doscument that opens that I thought was going to point me to > >> >>> the > >> >>> needed security updates was not of much help. It basically advised > >> >>> to > >> >>> run > >> >>> the Windows\Microsoft\Office Updates. > >> >>> > >> >>> The Word Document did read "How to update your computer with the JPEG > >> >>> processing (GDI+) security update". > >> >>> > >> >>> I really don't know to do next? I was hoping Specific Security > >> >>> Updates > >> >>> would be shown that if downloaded and installed would fix the > >> >>> problem....MS04-028 > >> >>> > >> >>> Will appreciate any assistance you can provide > >> >>> > >> >>> > >> >>> "PA Bear [MS MVP]" wrote: > >> >>> > >> >>>> It all depends on where this supposed vulnerability was detected > >> >>>> (e.g., > >> >>>> in > >> >>>> System Volume Information; in an email). > >> >>>> > >> >>>> denmarfl wrote: > >> >>>>> I am using PcCillin Internet Security....and I totally understand > >> >>>>> your > >> >>>>> response. However, I use this same AV Software on other PC's and > >> >>>>> over > >> >>>>> the > >> >>>>> years this vulnerability Scan\Alert on other PC's has proven itself > >> >>>>> reliable > >> >>>>> every time it has reported a vulnerability. Speaking with the > >> >>>>> techs > >> >>>>> at > >> >>>>> PcCillin they advise this part of their AV Software is actually > >> >>>>> designed > >> >>>>> and > >> >>>>> built using Microsoft vulnerability specs. It is unfortunate > >> >>>>> that > >> >>>>> when > >> >>>>> a > >> >>>>> vulnerability is discovered that they are unable to assist because > >> >>>>> it > >> >>>>> is a > >> >>>>> Microsoft issue. > >> >>>>> > >> >>>>> "Anteaus" wrote: > >> >>>>> > >> >>>>>> Might also add that virus scanner wouldn't normally report a > >> >>>>>> vulnerability > >> >>>>>> in the OS, its job is to find malware. This might be the case with > >> >>>>>> 'security suite' apps I guess. > >> >>>>>> > >> >>>>>> "denmarfl" wrote: > >> >>>>>> > >> >>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and > >> >>>>>>> reports > >> >>>>>>> it > >> >>>>>>> as MS04-028. I have done a seach at Microsoft.com for > >> >>>>>>> MS04-028...and > >> >>>>>>> to > >> >>>>>>> be honest, I have not determined what it is I must do to resolve > >> >>>>>>> this > >> >>>>>>> risks. I don't see a Security download, etc. > >> >>>>>>> > >> >>>>>>> What must I do to resolve this Risks? > >> > >> > > >
Guest PA Bear [MS MVP] Posted August 28, 2008 Posted August 28, 2008 Re: MS04-028 Running WindowsXP SP3 Start a free Windows Update support incident request: https://support.microsoft.com/oas/default.aspx?gprid=6527 Support for Windows Update: http://support.microsoft.com/gp/wusupport For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and in Canada or by contacting your local Microsoft subsidiary. There is no-charge for support calls that are associated with security updates. When you call, clearly state that your problem is related to a Security Update and cite the update's KB number (e.g., KB833987). Or... Free unlimited installation and compatibility support is available for Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and e-mail support is available only in the United States and Canada. Go to http://support.microsoft.com/oas/default.aspx?gprid=1173 | select "Windows XP" then select "Windows XP Service Pack 3" -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ denmarfl wrote: > Please understand I really do appreciate your assistance...but not > everyone > has the same knowledge and understanding that you have. It appears to me > that the tools are providing contradictory results. The Microsoft tool > agrees with the AV finding, a Vulnerability exists. When you run the > patch > it says it has already been installed advising whatever is lacking as to > updates, has been patched and the problem is no longer. Now whereas I can > accept that might be OK as to what the AV displays, that is, ignore the AV > findings based on the Patch advices, I have a more difficult time > accepting > it based on the Microsoft Tool Findings, which is, a Vulnerability exists. > Why would the Mocrosoft Detection tool on the one hand show a > vulnerability > and then on the other hand 9Patch) show the problem has been corrected > with > an already installed patch. Now to my level of knowledge, puting it in > those terms, it is not comprehendable........ > > "Gary S. Terhune" wrote: > >> I don't know about the PC-Cillan warning, but the Microsoft tool tells >> you >> precisely what to do. The same thing PA, and eventually myself, told you: >> Go to Windows Update and/or Office Update (or get both at once with >> Microsoft Update.) If it isn't offered by any of the Update sites, it's >> already been patched. It's that simple. Downloading and running that >> patch >> even told you that you already have it installed, one way or another. Why >> is this so difficult to comprehend? >> >> -- >> Gary S. Terhune >> MS-MVP Shell/User >> http://grystmill.com >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> news:DCE5092F-70AA-4A2E-A559-8BE61B9F897E@microsoft.com... >>> I wish I could answer the question. The AV only reports "1 Vulnerbility >>> Found and reports it as MS04-028" (Nothing more). When I ran the >>> Microsoft >>> Tool, it merely reported "The Software tool has detected that you are >>> running >>> Microsoft software that may contain a security vulnerability". Neither >>> shows >>> anymore information than what I have written. Sure would be nice if >>> they >>> did..... >>> >>> "PA Bear [MS MVP]" wrote: >>> >>>> Again, *where* (e.g., in what file and/or folder) is this supposed >>>> vulnerability located? >>>> >>>> denmarfl wrote: >>>>> I took the same steps you followed downloading the both patches; the >>>>> 1st >>>>> simply appeared as a Modify\Repair\uninstall for Office. When I ran >>>>> the >>>>> client downlad I got the same message as you got. >>>>> >>>>> I ran the scan again, the only info provided is 1 Vulnerbility Found >>>>> and >>>>> it >>>>> shows MS04-028...I wish there was more but there is Not. >>>>> >>>>> This is what I was referring to when I wrote, Microsoft does not make >>>>> it >>>>> easy....... >>>>> >>>>> "Gary S. Terhune" wrote: >>>>> >>>>>> What problem? All you have given us is that PCCillin claims that some >>>>>> unnamed part of your system is (potentially?) vulnerable to the "High >>>>>> Risk" >>>>>> described in MS04-028. Is that the most detail you can provide? If >>>>>> you >>>>>> run >>>>>> the scan again, do you get the notice again? If so, please post the >>>>>> message >>>>>> here EXACTLY word for word. Because at this moment, the high-rollers >>>>>> are >>>>>> placing their bets on the system and any affected applications having >>>>>> already been patched, whether directly or as part of some other >>>>>> Update >>>>>> or >>>>>> as part of a Service Pack. >>>>>> >>>>>> In any case, I can't give you more advice than I already have, >>>>>> particularly >>>>>> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either >>>>>> accept >>>>>> that >>>>>> if you needed the patch it would be offered, or go through MS04-028 >>>>>> line >>>>>> by >>>>>> line and identify each and every item that is listed as potentially >>>>>> vulnerable, then download the patch listed for that app (using the >>>>>> consumer >>>>>> version) and run it. It will either install or it will tell you that >>>>>> it >>>>>> has >>>>>> already been installed. >>>>>> >>>>>> -- >>>>>> Gary S. Terhune >>>>>> MS-MVP Shell/User >>>>>> http://grystmill.com >>>>>> >>>>>> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >>>>>> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >>>>>>> I ran Windows Update and Microsoft Update...I went to Microsoft >>>>>>> Office >>>>>>> and >>>>>>> ran the update as well at that site....all came back showing my >>>>>>> updates >>>>>>> were >>>>>>> current. >>>>>>> >>>>>>> Does Mirosoft make anything that is easy? I downloaded and ran the >>>>>>> gdidettool, it showed >>>>>>> >>>>>>> "The Software tool has detected that you are running Microsoft >>>>>>> software >>>>>>> that may contain a security vulnerability. There are security >>>>>>> updates >>>>>>> available from Microsoft that fix rhis security vulnerability. >>>>>>> Would you like to learn more about the security vulnerability as >>>>>>> well >>>>>>> as >>>>>>> the >>>>>>> necessary security updates that address it?...." >>>>>>> >>>>>>> >>>>>>> The Word doscument that opens that I thought was going to point me >>>>>>> to >>>>>>> the >>>>>>> needed security updates was not of much help. It basically advised >>>>>>> to >>>>>>> run >>>>>>> the Windows\Microsoft\Office Updates. >>>>>>> >>>>>>> The Word Document did read "How to update your computer with the >>>>>>> JPEG >>>>>>> processing (GDI+) security update". >>>>>>> >>>>>>> I really don't know to do next? I was hoping Specific Security >>>>>>> Updates >>>>>>> would be shown that if downloaded and installed would fix the >>>>>>> problem....MS04-028 >>>>>>> >>>>>>> Will appreciate any assistance you can provide >>>>>>> >>>>>>> >>>>>>> "PA Bear [MS MVP]" wrote: >>>>>>> >>>>>>>> It all depends on where this supposed vulnerability was detected >>>>>>>> (e.g., >>>>>>>> in >>>>>>>> System Volume Information; in an email). >>>>>>>> >>>>>>>> denmarfl wrote: >>>>>>>>> I am using PcCillin Internet Security....and I totally understand >>>>>>>>> your >>>>>>>>> response. However, I use this same AV Software on other PC's and >>>>>>>>> over >>>>>>>>> the >>>>>>>>> years this vulnerability Scan\Alert on other PC's has proven >>>>>>>>> itself >>>>>>>>> reliable >>>>>>>>> every time it has reported a vulnerability. Speaking with the >>>>>>>>> techs >>>>>>>>> at >>>>>>>>> PcCillin they advise this part of their AV Software is actually >>>>>>>>> designed >>>>>>>>> and >>>>>>>>> built using Microsoft vulnerability specs. It is unfortunate >>>>>>>>> that >>>>>>>>> when >>>>>>>>> a >>>>>>>>> vulnerability is discovered that they are unable to assist because >>>>>>>>> it >>>>>>>>> is a >>>>>>>>> Microsoft issue. >>>>>>>>> >>>>>>>>> "Anteaus" wrote: >>>>>>>>> >>>>>>>>>> Might also add that virus scanner wouldn't normally report a >>>>>>>>>> vulnerability >>>>>>>>>> in the OS, its job is to find malware. This might be the case >>>>>>>>>> with >>>>>>>>>> 'security suite' apps I guess. >>>>>>>>>> >>>>>>>>>> "denmarfl" wrote: >>>>>>>>>> >>>>>>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and >>>>>>>>>>> reports >>>>>>>>>>> it >>>>>>>>>>> as MS04-028. I have done a seach at Microsoft.com for >>>>>>>>>>> MS04-028...and >>>>>>>>>>> to >>>>>>>>>>> be honest, I have not determined what it is I must do to resolve >>>>>>>>>>> this >>>>>>>>>>> risks. I don't see a Security download, etc. >>>>>>>>>>> >>>>>>>>>>> What must I do to resolve this Risks?
Guest Gary S. Terhune Posted August 29, 2008 Posted August 29, 2008 Re: MS04-028 Running WindowsXP SP3 This is the message from the GDI+ Detection Tool. All UPPER CASE indicates my emphasis, which emphasis is not in the original: "The software tools has detected that you are running software that MAY contain a security vulnerability. There are security updates available from Microsoft that fix this security vulnerability." That sentence explicitly implies that you are running software that MAY NOT contain the vulnerability. It is made even more clear in the accompanying documentation that this would be the case if the system has already been patched, nullifying the vulnerabilities(s). I see no conflict. The problem, I think, is that you expect the GDI+ Detection Tool to detect whether or not the patch has been applied that nullifies the vulnerability. The tool doesn't do that. It doesn't even detect if any vulnerability exists. It simply looks to see if you have software that MAY be vulnerable, (and I'll interject here that you might, for example, have Office XP installed, but not the specific component of Office that has the vulnerability). It simply tells you if that software is present, not whether it actually contains the vulnerability nor whether, IF it has the vulnerability, it's been patched. Say you heard about a recall that MAY apply to your car. You go online to the company's site, you enter your VIN number and it says, "You drive a vehicle that may have the defective part. There are free replacement parts available if your part is defective. Follow these instructions to find out if you have the defective part, and to obtain a replacement if it turns out that you do. If inspection results in a finding that you do NOT have the defective part, then you do not need to reinstall the part." The instructions say to take the vehicle to your dealership and have them inspect it. Now, if your specific vehicle just happens to not have the defective part, there are three plausible reasons I can think of: 1. Only some certain batch of parts were defective and your vehicle didn't get the part from that batch. 2. Your dealership replaced the part as part of regular maintenance and you simply weren't told about it. 3. You *did* have the defective part, but it was only one component of a larger component that had been replaced, including the replacement part. (Think "Service Pack".) -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message news:30AE7D39-5945-4278-B917-9E3385B9F6F5@microsoft.com... > Please understand I really do appreciate your assistance...but not > everyone > has the same knowledge and understanding that you have. It appears to me > that the tools are providing contradictory results. The Microsoft tool > agrees with the AV finding, a Vulnerability exists. When you run the > patch > it says it has already been installed advising whatever is lacking as to > updates, has been patched and the problem is no longer. Now whereas I can > accept that might be OK as to what the AV displays, that is, ignore the AV > findings based on the Patch advices, I have a more difficult time > accepting > it based on the Microsoft Tool Findings, which is, a Vulnerability exists. > Why would the Mocrosoft Detection tool on the one hand show a > vulnerability > and then on the other hand 9Patch) show the problem has been corrected > with > an already installed patch. Now to my level of knowledge, puting it in > those > terms, it is not comprehendable........ > > "Gary S. Terhune" wrote: > >> I don't know about the PC-Cillan warning, but the Microsoft tool tells >> you >> precisely what to do. The same thing PA, and eventually myself, told you: >> Go >> to Windows Update and/or Office Update (or get both at once with >> Microsoft >> Update.) If it isn't offered by any of the Update sites, it's already >> been >> patched. It's that simple. Downloading and running that patch even told >> you >> that you already have it installed, one way or another. Why is this so >> difficult to comprehend? >> >> -- >> Gary S. Terhune >> MS-MVP Shell/User >> http://grystmill.com >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> news:DCE5092F-70AA-4A2E-A559-8BE61B9F897E@microsoft.com... >> >I wish I could answer the question. The AV only reports "1 Vulnerbility >> > Found and reports it as MS04-028" (Nothing more). When I ran the >> > Microsoft >> > Tool, it merely reported "The Software tool has detected that you are >> > running >> > Microsoft software that may contain a security vulnerability". Neither >> > shows >> > anymore information than what I have written. Sure would be nice if >> > they >> > did..... >> > >> > "PA Bear [MS MVP]" wrote: >> > >> >> Again, *where* (e.g., in what file and/or folder) is this supposed >> >> vulnerability located? >> >> >> >> denmarfl wrote: >> >> > I took the same steps you followed downloading the both patches; the >> >> > 1st >> >> > simply appeared as a Modify\Repair\uninstall for Office. When I ran >> >> > the >> >> > client downlad I got the same message as you got. >> >> > >> >> > I ran the scan again, the only info provided is 1 Vulnerbility Found >> >> > and >> >> > it >> >> > shows MS04-028...I wish there was more but there is Not. >> >> > >> >> > This is what I was referring to when I wrote, Microsoft does not >> >> > make >> >> > it >> >> > easy....... >> >> > >> >> > "Gary S. Terhune" wrote: >> >> > >> >> >> What problem? All you have given us is that PCCillin claims that >> >> >> some >> >> >> unnamed part of your system is (potentially?) vulnerable to the >> >> >> "High >> >> >> Risk" >> >> >> described in MS04-028. Is that the most detail you can provide? If >> >> >> you >> >> >> run >> >> >> the scan again, do you get the notice again? If so, please post the >> >> >> message >> >> >> here EXACTLY word for word. Because at this moment, the >> >> >> high-rollers >> >> >> are >> >> >> placing their bets on the system and any affected applications >> >> >> having >> >> >> already been patched, whether directly or as part of some other >> >> >> Update >> >> >> or >> >> >> as part of a Service Pack. >> >> >> >> >> >> In any case, I can't give you more advice than I already have, >> >> >> particularly >> >> >> in yesterday's post of 11:44 AM (Pacific Daylight Time). Either >> >> >> accept >> >> >> that >> >> >> if you needed the patch it would be offered, or go through MS04-028 >> >> >> line >> >> >> by >> >> >> line and identify each and every item that is listed as potentially >> >> >> vulnerable, then download the patch listed for that app (using the >> >> >> consumer >> >> >> version) and run it. It will either install or it will tell you >> >> >> that >> >> >> it >> >> >> has >> >> >> already been installed. >> >> >> >> >> >> -- >> >> >> Gary S. Terhune >> >> >> MS-MVP Shell/User >> >> >> http://grystmill.com >> >> >> >> >> >> "denmarfl" <denmarfl@discussions.microsoft.com> wrote in message >> >> >> news:EC8CC67E-5A33-4D81-90A6-79B3CE388B7E@microsoft.com... >> >> >>> I ran Windows Update and Microsoft Update...I went to Microsoft >> >> >>> Office >> >> >>> and >> >> >>> ran the update as well at that site....all came back showing my >> >> >>> updates >> >> >>> were >> >> >>> current. >> >> >>> >> >> >>> Does Mirosoft make anything that is easy? I downloaded and ran >> >> >>> the >> >> >>> gdidettool, it showed >> >> >>> >> >> >>> "The Software tool has detected that you are running Microsoft >> >> >>> software >> >> >>> that may contain a security vulnerability. There are security >> >> >>> updates >> >> >>> available from Microsoft that fix rhis security vulnerability. >> >> >>> Would you like to learn more about the security vulnerability as >> >> >>> well >> >> >>> as >> >> >>> the >> >> >>> necessary security updates that address it?...." >> >> >>> >> >> >>> >> >> >>> The Word doscument that opens that I thought was going to point me >> >> >>> to >> >> >>> the >> >> >>> needed security updates was not of much help. It basically >> >> >>> advised >> >> >>> to >> >> >>> run >> >> >>> the Windows\Microsoft\Office Updates. >> >> >>> >> >> >>> The Word Document did read "How to update your computer with the >> >> >>> JPEG >> >> >>> processing (GDI+) security update". >> >> >>> >> >> >>> I really don't know to do next? I was hoping Specific Security >> >> >>> Updates >> >> >>> would be shown that if downloaded and installed would fix the >> >> >>> problem....MS04-028 >> >> >>> >> >> >>> Will appreciate any assistance you can provide >> >> >>> >> >> >>> >> >> >>> "PA Bear [MS MVP]" wrote: >> >> >>> >> >> >>>> It all depends on where this supposed vulnerability was detected >> >> >>>> (e.g., >> >> >>>> in >> >> >>>> System Volume Information; in an email). >> >> >>>> >> >> >>>> denmarfl wrote: >> >> >>>>> I am using PcCillin Internet Security....and I totally >> >> >>>>> understand >> >> >>>>> your >> >> >>>>> response. However, I use this same AV Software on other PC's >> >> >>>>> and >> >> >>>>> over >> >> >>>>> the >> >> >>>>> years this vulnerability Scan\Alert on other PC's has proven >> >> >>>>> itself >> >> >>>>> reliable >> >> >>>>> every time it has reported a vulnerability. Speaking with the >> >> >>>>> techs >> >> >>>>> at >> >> >>>>> PcCillin they advise this part of their AV Software is actually >> >> >>>>> designed >> >> >>>>> and >> >> >>>>> built using Microsoft vulnerability specs. It is unfortunate >> >> >>>>> that >> >> >>>>> when >> >> >>>>> a >> >> >>>>> vulnerability is discovered that they are unable to assist >> >> >>>>> because >> >> >>>>> it >> >> >>>>> is a >> >> >>>>> Microsoft issue. >> >> >>>>> >> >> >>>>> "Anteaus" wrote: >> >> >>>>> >> >> >>>>>> Might also add that virus scanner wouldn't normally report a >> >> >>>>>> vulnerability >> >> >>>>>> in the OS, its job is to find malware. This might be the case >> >> >>>>>> with >> >> >>>>>> 'security suite' apps I guess. >> >> >>>>>> >> >> >>>>>> "denmarfl" wrote: >> >> >>>>>> >> >> >>>>>>> My Virus Scan reports a Microsoft High Risks Vulnerability and >> >> >>>>>>> reports >> >> >>>>>>> it >> >> >>>>>>> as MS04-028. I have done a seach at Microsoft.com for >> >> >>>>>>> MS04-028...and >> >> >>>>>>> to >> >> >>>>>>> be honest, I have not determined what it is I must do to >> >> >>>>>>> resolve >> >> >>>>>>> this >> >> >>>>>>> risks. I don't see a Security download, etc. >> >> >>>>>>> >> >> >>>>>>> What must I do to resolve this Risks? >> >> >> >> >> >> >>
Recommended Posts