GDI Detection Tool Via Windows Update

[Jaime]

Hello,

I downloaded the latest windows updates today, and among
them was the GDI detection tool. Where does this tool get
installed, and how do I use it What does this tool do?

Any help would be appreciated.

Jaime

 

[Lucvdv]

Hello,

I downloaded the latest windows updates today, and among
them was the GDI detection tool. Where does this tool get
installed, and how do I use it What does this tool do?

Any help would be appreciated.

Jaime

As for what the tool does, see
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx and
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

You may find it as \WinNT\gdidet.exe (if it hasn't been run yet: see
below).

Windows update installs the tool in the WINNT directory and an INF file in
\WinNT\inf, and adds a registry entry in
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce so it is started
automatically at the next boot.

It doesn't ask you to reboot though (or even warn that it's necessary), an
omission that doesn't look like a good choice (especially for servers).


Apparently it can be started manually like any other application, but the
RunOnce entry in the registry does it through advpack.dll and the INF file
(the difference being that the tool is deleted after running that way).

The exe is a self-extracting archive: you can examine its contents through
WinRAR, maybe WinZip will work too.

 

[Lucvdv]

It doesn't ask you to reboot though (or even warn that it's necessary), an
omission that doesn't look like a good choice (especially for servers).

Additional info: apparently it only does this when the tool comes in as an
automatic update.

When you visit the windows update site and get it that way, it is executed
automatically without rebooting.

 

[Shannon Jacobs]

Well, I know that your information on this thing is inconsistent or not
complete, but thanks for trying. Just a bit of anecdotal evidence, but I
have four primary machines, and here's the summary.

Two of them are WXP, and two are W2K. The GDI/JPEG security update seemed to
run normally on all four of them, as reported by WindowsUpdate. Both of the
WXP machines immediately executed the tool without rebooting, as did one of
the W2K machines, but the other W2K machine did not execute it, and there is
no sign of gdidet.exe on the machine. Yes, WindowsUpdate did run ALL the way
to the completion screen, and there were no error messages or suspicious
behavior along the way, but it looks like it didn't take... I ran
WindowsUpdate again, just to make sure, and it claims my machine is fully up
to date now.

Also checked on the WXP machine here, and no residue of a gdidet.exe file
there, either.

Microsoft software gives me such a warm fuzzy secure feeling. NOT.

 

[Lucvdv]

Well, I know that your information on this thing is inconsistent or not
complete, but thanks for trying. Just a bit of anecdotal evidence, but I
have four primary machines, and here's the summary.

My information was based on observation alone, but in my case it was as I
said:

- on the machines where the update arrived as an automatic update, it was
not executed immediately but saved in the %systemdir% directory and started
through a RunOnce entry at the next logon (I know I said reboot, but that
wasn't accurate).

- on the machines where I manually visited windows update, the tool was
executed automatically without logging on or rebooting, and the exe was
deleted after running.

Two of them are WXP, and two are W2K. The GDI/JPEG security update seemed to
run normally on all four of them, as reported by WindowsUpdate.

Windows update did not report that it had installed any updates, it just
told me I needed to download them.
I had to go to Office Update, and (separately) to download and run the
update for Visual Studio.Net manually.