MS04-028 Running WindowsXP SP3

[denmarfl]

My Virus Scan reports a Microsoft High Risks Vulnerability and reports it as
MS04-028. I have done a seach at Microsoft.com for MS04-028...and to be
honest, I have not determined what it is I must do to resolve this risks. I
don't see a Security download, etc.

What must I do to resolve this Risks?

 

[Gary S. Terhune]

Here? http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

There are a TON of download links in that article. The article also has a
TON of information about possible problems you may encounter, another KB
article to tell you how to deal with those, etc.

But different versions apply to different OSes and OS versions.

First read the article ENTIRELY!! Check out the referenced KB833937
http://support.microsoft.com/default.aspx?scid=kb;en-us;833987
Go through the list that's provided very carefully and for each item that is
listed that you have, install the associated version of the patch. And do it
very carefully.

What Virus Scan are you using and does it report which application it is
that requires the update? I presume you're up to date at Windows Update, or
at least running SP2, which means it isn't Windows itself, so it must be
some other app.

 

[PA Bear [MS MVP]]

Does Windows Update offer the machine MS04-028 (KB833987)? If not, you
don't need to install it. Check with your AV app's tech support.

 

[Gary S. Terhune]

Doh! Isn't this what the often repeated Update "Microsoft GDI+ Detection
Tool" is all about?
http://support.microsoft.com/kb/873374

WU offers it to you every so often, though I don't know the logic behind its
timing. But if you have any other MS apps than Windows, it's a good idea to
upgrade WU to Microsoft Update.

Sorry, "denmarfl", I gave you the long way. Probably much simpler to run the
above Detection Tool.

 

[Anteaus]

Might also add that virus scanner wouldn't normally report a vulnerability in
the OS, its job is to find malware. This might be the case with 'security
suite' apps I guess.

 

[denmarfl]

AV is PcCllin. I contacted them they advised Microsoft provides the
information regarding Vulnerability criteria....and they referred me to
Microsoft. The information available for MS04-028 is massive and quite
honestly intimidating as you try to review it. Surely there must be an easy
way to get to the bottom of this alert and resolve the issue(s). Is there?

 

[PA Bear [MS MVP]]

Please state your full Windows version (e.g., WinXP SP3).

Repost:
See GAry's reply.

 

[denmarfl]

Looking at "System Properities":
Microsoft WindowsXP
Home Edition
Version 2002 Service Pack 3

When I run Windows Update it shows Current. I ran Express and Custom,
Custom showed a few Windows Updates, none were KB833987

I Printed out all 24 pages of Windows Update History, and I did not see
KB833987

 

[Gary S. Terhune]

As PA, suggested, see second post (in reply to PA), for links to the tool
that Windows Update offers up when it thinks you need it. That tool can be
downloaded separately from:
http://www.microsoft.com/downloads/...74-7142-4780-83E5-CE54401DA1D1&displaylang=en

TinyURL for above link is http://tinyurl.com/5poq2s

That tool inspects your system for any app that is vulnerable and needs the
patch. Also, if you have other Microsoft products installed (Office and
related apps are what I'm thinking of), have you upgraded Windows Update to
Microsoft Update?

 

[Gary S. Terhune]

It's listed in my MU History as GDI+ Tool (KB873374) However, if it is
listed in any file on my system except the printout from MU history online,
it's in a different language (computer language) and not readable as plain
text (unless there are translators for such things, I don't know.)

In any case, it is downloaded, immediately runs, then disappears itself. No
trace remains except in the History.

Note that I downloaded and ran the GDI+ Detection Tool just now, and while
it told me that I have software installed that MAY be vulnerable, it does
not identify the app and simply provides instructions to use Windows Update
and Office Update (or Microsoft Update, which includes both) to check to see
that the proper patches have been installed. In my case, the only vulnerable
item I had was Office XP, and while the MS04-028 update doesn't appear in
the History, I presume it was subsumed into a later Update. All I know is
that none of the Update sites offers the patch and it isn't listed in my WU
history.

So, I downloaded the patch suggested for Office XP SP3
http://www.microsoft.com/downloads/...14-6D34-49DF-8D63-6C17E9A2D312&displaylang=en

and ran it, first the full version, which simply prompted Office Setup, so I
clicked OK and downloaded the client version and it gave me a message that
the patch had already been installed or had been included in a later update.
It still does not appear to be listed in my system anywhere, so I presume
the latter. However I don't feel like investigating that possibility (list
all the subsequent patches and then find out what's in them.)

In case you're curious, this XP SP2 (now SP3) system was installed at the
end of January, 2007, and Office XP w/ FrontPage a month later. They were
immediately updated using Microsoft Update and kept up to date.

So, as PA Bear says, your best recourse is to simply see if Windows Update,
Office Update or Microsoft Update offer any of the MS04-028 patches. Or you
can do what I did and apply any version that applies to any app you have
that's listed in MS04-028 and see what happens.

Maybe your AV simply ran the equivalent (or the very same) GDI+ Detection
tool and got the same message I did -- you have apps or OS installed that
MAY be susceptible and you should make sure you're up to date. Windows,
Office and/or Microsoft Update will tell you if any patch is needed.

 

[PA Bear [MS MVP]]

This fix was included in WinXP SP2 when it was released; therefore it's
included by default in SP3; cf. Non-Affected Software section of
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx.

However, several versions of other MS applications are listed in Affected
Software section of MS04-028, including MS Office. If you have these
applications installed and your default update source is Microsoft Update
(vs Windows Update*), you should be OK. Otherwise, check in at Office
Update ASAP: http://office.microsoft.com/officeupdate/
====================

* Microsoft Update offers updates for Windows, Office, and many Windows Live
applications.

 

[denmarfl]

I am using PcCillin Internet Security....and I totally understand your
response. However, I use this same AV Software on other PC's and over the
years this vulnerability Scan\Alert on other PC's has proven itself reliable
every time it has reported a vulnerability. Speaking with the techs at
PcCillin they advise this part of their AV Software is actually designed and
built using Microsoft vulnerability specs. It is unfortunate that when a
vulnerability is discovered that they are unable to assist because it is a
Microsoft issue.

 

[PA Bear [MS MVP]]

It all depends on where this supposed vulnerability was detected (e.g., in
System Volume Information; in an email).

 

[denmarfl]

I ran Windows Update and Microsoft Update...I went to Microsoft Office and
ran the update as well at that site....all came back showing my updates were
current.

Does Mirosoft make anything that is easy? I downloaded and ran the
gdidettool, it showed

"The Software tool has detected that you are running Microsoft software
that may contain a security vulnerability. There are security updates
available from Microsoft that fix rhis security vulnerability.
Would you like to learn more about the security vulnerability as well as the
necessary security updates that address it?...."


The Word doscument that opens that I thought was going to point me to the
needed security updates was not of much help. It basically advised to run
the Windows\Microsoft\Office Updates.

The Word Document did read "How to update your computer with the JPEG
processing (GDI+) security update".

I really don't know to do next? I was hoping Specific Security Updates
would be shown that if downloaded and installed would fix the
problem....MS04-028

Will appreciate any assistance you can provide

 

[PA Bear [MS MVP]]

Free unlimited installation and compatibility support is available for
Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
e-mail support is available only in the United States and Canada. Go to
http://support.microsoft.com/oas/default.aspx?gprid=1173 | select Windows XP
| select Windows XP Service Pack 3

 

[Gary S. Terhune]

What problem? All you have given us is that PCCillin claims that some
unnamed part of your system is (potentially?) vulnerable to the "High Risk"
described in MS04-028. Is that the most detail you can provide? If you run
the scan again, do you get the notice again? If so, please post the message
here EXACTLY word for word. Because at this moment, the high-rollers are
placing their bets on the system and any affected applications having
already been patched, whether directly or as part of some other Update or as
part of a Service Pack.

In any case, I can't give you more advice than I already have, particularly
in yesterday's post of 11:44 AM (Pacific Daylight Time). Either accept that
if you needed the patch it would be offered, or go through MS04-028 line by
line and identify each and every item that is listed as potentially
vulnerable, then download the patch listed for that app (using the consumer
version) and run it. It will either install or it will tell you that it has
already been installed.

 

[denmarfl]

I took the same steps you followed downloading the both patches; the 1st
simply appeared as a Modify\Repair\uninstall for Office. When I ran the
client downlad I got the same message as you got.

I ran the scan again, the only info provided is 1 Vulnerbility Found and it
shows MS04-028...I wish there was more but there is Not.

This is what I was referring to when I wrote, Microsoft does not make it
easy.......

 

[PA Bear [MS MVP]]

Again, *where* (e.g., in what file and/or folder) is this supposed
vulnerability located?

 

[Gary S. Terhune]

Why do you blame Microsoft when the problem is obviously PCCillan's ignorant
and/or inadequately detailed findings? I have no problem with MS04-028,
though it *is* one of the more complicated articles they ever produced due
to the number of OSes and applications that are affected and the number of
*different* patches that apply, depending on which OS or application, which
version and which SP, are involved.

But while the issue is complicated, Microsoft makes it clear in many places
that what you do for this "problem" is go to Windows, Office, or Microsoft
Update and if the appropriate patch is offered install it. Otherwise, assume
it's been installed. If you don't like making that kind of assumption, then
do as I say and go through the whole list and check manually for full
compliance.

Personally, having had plenty of experience with Trend Micro, both PC-cillin
and enterprise versions, my opinion of their tech support is almost as low
as you can go. I would suggest that you call them back and tell them that
this Microsoft MVP thinks they have a false positive on their hands, or an
inadequate explanation of the finding, and that they ought to figure it out
immediately and explain it to your satisfaction, or you're switching to a
different vendor. I recommend Avast!. Heck, it's even free.

 

[denmarfl]

I wish I could answer the question. The AV only reports "1 Vulnerbility
Found and reports it as MS04-028" (Nothing more). When I ran the Microsoft
Tool, it merely reported "The Software tool has detected that you are running
Microsoft software that may contain a security vulnerability". Neither shows
anymore information than what I have written. Sure would be nice if they
did.....