The good people at sans.org have released their own tool which appears to be much better than Microsoft’s. I recommend running this tool at least once on your Windows PC and then each time you install any application that *may* install its own copy of the dll (i.e. potentially *any* application that does JPEG processing). Of course it’s worth making sure that you have installed all vendor updates before you run the tool as they may well fix the vulnerability. Also, please read the sans.org web page carefully before your run their tool as there are some instances where it is “OK” if a vulnerable instance of the dll is found on your computer.

Additionally for users of Macromedia’s MX line of products, they recently released this security bulletin that states that their products are not affected by the vulnerability.

Thanks goes to my ever dependable colleague Rob for showing me the sans.org tool.

Could I still be vulnerable even after I have installed all required security updates?
Yes. …(long list of reasons why)…

Please find me a tall building to jump from…

Will blog some more about this when (and if) I find an effective way to patch multiple machines + programs without shelling out big $$$

It makes sense that they would use an RSS feed for their security bulletins, it involves a much lower overhead than individual emails. I guess it’s not that different from the concept of “newsgroups”(hmm, I wonder if you can get access to popular newsgroups via RSS?).

Note to self: Look for more security related RSS feeds after my exam next week.