Re: [Full-Disclosure] Re: [Vmyths.com ALERT] Hysteria predicted for 'JPEG and windows update

[Barry Fitzgerald <bkfsec@xxxxxxxxxxxxxxxx>]

Ron DuFresne wrote:

> scroll down there and do the custom patching, that will get you the GDI+
> scanner, and any other patches you are missing, once that installs it will
> scan for M$ apps needing the jpeg patch.  Then you are directed to the
> windows appplications update page.  Of course to get the GDI dll patch,
> you will need to have the office sp3 patch first...that patch is pretty
> hefty.
>
> Thanks,
>
> Ron DuFresne
>
>
>  
And this raises the question: What if you have XP SP2 installed, Do not 
have Microsoft Office installed, and the detection tool shows you to be 
vulnerable, but refuses to inform you which application it detected?

Thanks Microsoft, for making everything far more discombobulated than it 
needs to be.  It's your poor development practices and infantile 
software architecture discipline that brought us here.  The least you 
could do is report what your detection tools actually detect and making 
the patch find and apply to all GDI libraries, rather than having to 
hunt around the system.  I can do this same thing on GNU/Linux with less 
than 20 lines of shell code, is it too much to ask for you to take the 
time to do it?  Thanks.

         -Barry

(to all the Microsoft sycophants who I expect to jump down my throat on 
this one:  Your arguments about their how great their system 
architecture is are hollow.  Save them for your psychiatrist, please, 
and tell him to up your dosage if you disagree with my statement.)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html