10.04.2004

Update on Recent Vulnerabilities

If you read my post dated 9.17 you'll undoubtedly notice the critical vulnerability in Microsoft's JPEG implementation. One glaring omission in Microsoft's response to this vulnerability is their scanning tool... which is an exercise in frustration. It'll tell you you're vulnerable and recommend that you visit Windows Update and Office Update. OK - that's not so bad, right? The problem is that if you run the scanning tool again it will tell you you're still vulnerable - prompting another trip to Windows Update and Office Update. Try this utility from SANS instead. It will scan your system and give you a detailed list of all vulnerable or potentially vulnerable components. You'll need to do a little legwork on your own to figure out which program needs patching - but if you look at the path to the vulnerable component (e.g. c:\program files\Microsoft PictureIT) you can pretty much figure out what program really needs patching. Good luck... you'll need it.