Renderosity Forums / Community Center




Subject: Microsoft Security Bulletin


elizabyte ( ) posted Tue, 14 September 2004 at 10:50 PM · edited Tue, 17 December 2024 at 1:18 PM

Attached Link: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

This one definitely bears reading. Summary: This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. Microsoft recommends that customers apply the update immediately. Details provided at attached link.

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


Khai ( ) posted Tue, 14 September 2004 at 11:16 PM

good news is, if you've installed Service Pack 2 for XP you're in the clear on this one.. (just checked the bulletin)


elizabyte ( ) posted Tue, 14 September 2004 at 11:28 PM

I haven't though. I know too many people who lost their hard drive or couldn't boot or any number of horrors, so I'm holding off. :( I did install the patch for this one, though. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


SWAMP ( ) posted Wed, 15 September 2004 at 12:43 AM

Thanks bonni! I was doing a quick read tonight in one of the CG magazines at Borders just as they were closing...(not sure which mag..Computer Arts, 3D World,.. but one of the more popular ones). It was saying that a script based (Java) virus is being used in Jpeg image files, and that sites that allow uploads need to take extra precautions. I did a little fast research online about Jpeg virus, and at one point in time, the thinking was even if a script was embedded, it still needed a Trojan type .exe on a machine to do any damage. Seems like that has now changed, as this new script can do the damage all by itself. Came here to see if anybody else knew about this, and find bonni already on the ball. Getting that patch right now! I think this is a very important issue Renderosity, as well as all Graphic sites better look into ASAP!!!! SWAMP


Zhann ( ) posted Wed, 15 September 2004 at 1:36 AM

Which update, there are a few on that page...?

Bryce Forum Coordinator....

Vision is the Art of seeing things invisible...


SWAMP ( ) posted Wed, 15 September 2004 at 2:06 AM

Attached Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374

Any and all that pertain to the OS and software you have installed on your machine. Like if you have Windows XP sr1, Word 2002, and Microsoft Greeting, you will need to DL three patches. To make it easy, first DL and install the patch for your version of XP, or Server2003 (XP with the new SR2 is not affected). Then go to this link and DL the GDI+ detection tool, which will tell you if you have anything else that needs to be patched. SWAMP


kawecki ( ) posted Wed, 15 September 2004 at 2:22 AM

I can't believe this! Only in Microsoft's world is possible jpeg images with virus! The most secure and stable Windows is Win95 first edition, newer version, worst and more unsecure, good luck XP users and pray to God, maybe the faith saves you.......

Stupidity also evolves!


elizabyte ( ) posted Wed, 15 September 2004 at 3:31 AM

"Only in Microsoft's world is possible jpeg images with virus!"

Well, the term "email virus" used to be quite literally a JOKE. It was impossible for a virus to be spread via email, back in the day. How nice of Microsoft to provide that functionality for us. :-) bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


Jumpstartme2 ( ) posted Wed, 15 September 2004 at 3:41 AM

So, do we have to get the sp2 in order to have this patch? or can we use what we have...I am running XP sp1, and def do NOT want sp2.

~Jani

Renderosity Community Admin




elizabyte ( ) posted Wed, 15 September 2004 at 3:51 AM

No, you can get just the patch for this. That's what I did. I don't want to install sp2 until they've fixed it. ;-) I just went to the Windows download site and chose the "custom install" or whatever they call it, and picked the updates I wanted. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


Jumpstartme2 ( ) posted Wed, 15 September 2004 at 4:09 AM

Ahhh okies ;) Thanks!

~Jani

Renderosity Community Admin




marzo ( ) posted Wed, 15 September 2004 at 5:15 AM

I'm on Win2000 and I don't even want XP, never mind about its sp2. Do I need to download this patch?

How I bled when they said that the rose had no thorns


SWAMP ( ) posted Wed, 15 September 2004 at 6:34 AM

No, the Win2000 OS "itself" is not affected, and does not need to be patched. However you CAN STILL HAVE software/programs that are affected that will need to be patched (like Office, Word, PictureIT, etc.). Read what is listed on the site bonni linked to. If you are still not sure, DL the GDI+ detection tool which will search your system and inform you if you do have any of the software that can be affected. (I already gave you that link above). SWAMP


spook ( ) posted Wed, 15 September 2004 at 9:33 AM · edited Wed, 15 September 2004 at 9:35 AM

bonni: i received the sp2 update as an automatic download.... and i let it install itself (not knowing any better). it's fine - except that it wants to over-ride my native security package with its own.... (and i have a "peculiar" configuration on my home use PC - with many custom scripts and patches which i do not understand.)

Message edited on: 09/15/2004 09:35


marzo ( ) posted Wed, 15 September 2004 at 9:39 AM

Thanks Swamp.

How I bled when they said that the rose had no thorns


XENOPHONZ ( ) posted Wed, 15 September 2004 at 12:29 PM

bonni --

Thanks for the heads-up.

I've got SP2 installed on my machines at home.....the install went as smooth as a glass sea....no problems at all.

On the other hand, one of my co-workers at the office had severe problems resulting from the installation of SP2 on his machine. So, I haven't installed SP2 at the office yet.

I'll install this security patch.

Thanks again.

Something To Do At 3:00AM 



Ardiva ( ) posted Wed, 15 September 2004 at 12:31 PM · edited Wed, 15 September 2004 at 12:34 PM

elizabyte...which specific patch was that you installed?

...edited for spelling

Message edited on: 09/15/2004 12:34



Midnightposer ( ) posted Wed, 15 September 2004 at 1:36 PM

Installed the Windows XP sr1 patch. The GDI+ detection tool still says I am running software that may contain a security vulnerability even though I have NONE of the other programs listed. Perish the thought that they should provide a tool that tells you which program needs to be patched. Long live the evil microcrap empire. sarcasm


scourge ( ) posted Wed, 15 September 2004 at 2:10 PM

Damn it's easy to cause a buffer overrun on Windows systems. Until now we've seen tons of little patches for IE, Media Player, Outlook Express, Winamp etc. to prevent buffer overrun, but finally it looks like there's going to be protection from that kind of exploits on hardware (CPU) level. Which of course means even if the software is vulnerable the CPU won't let the buffer overrun happen. Anyway, it's good to be on Linux (though I still use Windows too). A couple of months ago there were some serious attempts to hack some Linux servers using ssh. Well, that wasn't very successful as the hacking scripts were trying to guess the root password. If that's the best way to break into a Linux system I feel pretty safe.


Penguinisto ( ) posted Wed, 15 September 2004 at 3:34 PM

...wait. I only have Linux and OSX.... ne'ermind >:) /P


Ardiva ( ) posted Wed, 15 September 2004 at 3:44 PM

Pen...you mean to tell me that they now have Poser for Linux??



scourge ( ) posted Wed, 15 September 2004 at 4:39 PM

Unfortunately there's no Poser for Linux, which is one of the few reasons I'm still using Windows. But as Peng found out Crossover Office (a Windows emulator for Linux, uses Wine but supports a wider range of apps) can run DAZ Studio. One can also run a whole Windows OS under Linux, with software like VMware, Win4Lin or Bochs. Even Poser will work then, but that requires an installation of a real Windows.


RubiconDigital ( ) posted Wed, 15 September 2004 at 7:26 PM

"Even Poser will work then, but that requires an installation of a real Windows." Will Microsoft be releasing that any time soon, now that they've had all these practice versions out for so long?


Mikan ( ) posted Wed, 15 September 2004 at 9:00 PM

As long as I'm not a Linux user, I've downloaded the update...Thank you for the link!


Lyne ( ) posted Thu, 16 September 2004 at 11:40 AM

Well this is confusing, but will look into it... I use win2kpro SP4 full updated.. and hate word so don't have that..but what does word have to do with jpgs? I of course have paint programs and make jpgs all the time! Sheesh what a world we live in!

Life Requires Assembly and we all know how THAT goes!


Allen9 ( ) posted Thu, 16 September 2004 at 5:18 PM

One question about the latest patches from Microsoft - that "fix" this problem. How many new vulnerabilities do they install on your system?


svdl ( ) posted Sat, 18 September 2004 at 2:20 PM

The bug is in GDI+, which is .NET specific. If you don't have the .NET framework installed (most users don't have it) you're safe. Doesn't matter what Windows version you run.

The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter
