If you installed XP Service Pack 3 or Windows Server 2003 SP2 after September 2008, you need to reapply an important security update.
In addition, if Windows Update offers your XP or Server 2003 system Microsoft's security bulletin MS08-067 patch, you should install it — even if you've previously done so. You may be wondering why my lead topic today is MS08-067, a patch from 2008. Well, I'm wondering, too.
People who installed MS08-067 when it first came out last summer — and then installed either the XP SP3 or 2003 SP2 service pack — may not know that systems were reverted back to a vulnerable version of gdiplus.dll. Service packs aren't supposed to do that. They're supposed to be smart enough to retain the patched versions of all system files.
Last month, however, I found that some XP machines I'd updated to SP3 post-September had the pre-update version of gdiplus.dll. On three of the systems, my third-party patching tool from Shavlik flagged this file as out-of-date. It offered the patch to me when I performed a manual scan.
I thought it odd at the time, but I believed that the problem was with Shavlik's tool, not Microsoft's. When I reviewed the patch information on Shavlik's forum, though, I found a forum post from last November by a commenter named Fordhami indicating that Microsoft knew of this issue back then. Interestingly, I'd installed XP SP2 on several XP SP3 workstations and then reinstalled XP SP3, only to find that the machines were properly patched. I searched for gdiplus.dll on those systems and found three files in locations similar to the following path:
C:\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_hashnumber
The version of all three files was 5.1.3102.5581. This indicated that the machine was patched. You may want to search for that file and see what version you have. Don't worry about any gdiplus.dll files located elsewhere on your system. The important one is found in the WinSxS folder.
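The version check described above can be scripted. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 or later is installed, and it assumes that any gdiplus.dll in WinSxS with a version lower than the 5.1.3102.5581 reported above should be flagged for review.

```powershell
# Added example: list every gdiplus.dll in the WinSxS GdiPlus folders and
# compare its file version with the version the article saw on patched PCs.
$baseline = [version]'5.1.3102.5581'          # value taken from the article
$sxsRoot  = Join-Path $env:windir 'WinSxS'

function Get-GdiPlusStatus {
    param([string]$Root, [version]$Minimum)

    # Side-by-side GDI+ copies live in x86_Microsoft.Windows.GdiPlus_* folders.
    $dirs = Get-ChildItem -Path $Root -Filter 'x86_Microsoft.Windows.GdiPlus_*' |
            Where-Object { $_.PSIsContainer }

    foreach ($dir in $dirs) {
        $dll = Join-Path $dir.FullName 'gdiplus.dll'
        if (-not (Test-Path $dll)) { continue }

        # Build the version from its numeric parts: the FileVersion string
        # can carry a trailing build label that [version] cannot parse.
        $vi  = (Get-Item $dll).VersionInfo
        $ver = New-Object System.Version -ArgumentList `
                   $vi.FileMajorPart, $vi.FileMinorPart,
                   $vi.FileBuildPart, $vi.FilePrivatePart

        # Assumption: anything below the baseline is treated as out of date.
        $status = 'OK'
        if ($ver -lt $Minimum) { $status = 'BELOW BASELINE' }

        New-Object PSObject -Property @{
            Status  = $status
            Version = $ver
            Path    = $dll
        }
    }
}

$results = @(Get-GdiPlusStatus -Root $sxsRoot -Minimum $baseline)
if ($results.Count -eq 0) {
    Write-Output "No gdiplus.dll found under $sxsRoot"
} else {
    $results | Select-Object Status, Version, Path | Format-Table -AutoSize
}
```

Copies of gdiplus.dll outside WinSxS are deliberately ignored, matching the advice above.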