United States

Change

All Microsoft Sites

Microsoft Support

Article ID: 957488 - Last Review: October 13, 2009 - Revision: 2.1

MS09-062: Vulnerabilities in GDI+ could allow remote code execution

View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS09-062. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:
http://www.microsoft.com/security/updates/bulletins/200910.aspx (http://www.microsoft.com/security/updates/bulletins/200910.aspx)
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate/ (http://update.microsoft.com/microsoftupdate/)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx)

Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)

North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:

http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)

For enterprise customers, support for security updates is available through your usual support contacts.

Back to the top

MORE INFORMATION

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:

958869 (http://support.microsoft.com/kb/958869/ ) MS09-062: Description of the security update for GDI+ for all editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 and for Windows Server 2000 with Internet Explorer 6 Service Pack 1: October 13, 2009

970892 (http://support.microsoft.com/kb/970892/ ) MS09-062: Description of the security update for SQL Server 2005 Service Pack 3 GDR: October 13, 2009

970894 (http://support.microsoft.com/kb/970894/ ) MS09-062: Description of the security update for SQL Server 2005 Service Pack 3 QFE: October 13, 2009

970895 (http://support.microsoft.com/kb/970895/ ) MS09-062: Description of the security update for GDI+ for SQL Server 2005 Service Pack 2 GDR: October 13, 2009

970896 (http://support.microsoft.com/kb/970896/ ) MS09-062: Description of the security update for SQL Server 2005 Service Pack 2 QFE: October 13, 2009

970899 (http://support.microsoft.com/kb/970899/ ) MS09-062: Description of the security update for GDI+ for SQL Server 2000 Reporting Services Service Pack 2: October 13, 2009

971022 (http://support.microsoft.com/kb/971022/ ) MS09-062: Description of the security update for Microsoft Visual Studio 2003 Service Pack 1: October 13, 2009

971023 (http://support.microsoft.com/kb/971023/ ) MS09-062: Description of the security update for Microsoft Visual Studio 2005 Service Pack 1: October 13, 2009

971104 (http://support.microsoft.com/kb/971104/ ) MS09-062: Description of the security update for Microsoft Visual FoxPro 8.0 Service Pack 1: October 13, 2009

971105 (http://support.microsoft.com/kb/971105/ ) MS09-062: Description of the security update for Microsoft Visual FoxPro 9.0 Service Pack 2: October 13, 2009

971108 (http://support.microsoft.com/kb/971108/ ) MS09-062: Description of the security update for Microsoft .NET Framework 1.1 Service Pack 1: October 13, 2009

971110 (http://support.microsoft.com/kb/971110/ ) MS09-062: Description of the security update for Microsoft .NET Framework 2.0 Service Pack 1: October 13, 2009

971111 (http://support.microsoft.com/kb/971111/ ) MS09-062: Description of the security update for Microsoft .NET Framework 2.0 Service Pack 2: October 13, 2009

971117 (http://support.microsoft.com/kb/971117/ ) MS09-062: Description of the security update for Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package: October 13, 2009

971118 (http://support.microsoft.com/kb/971118/ ) MS09-062: Description of the security update for Microsoft Report Viewer 2008 Redistributable Package: October 13, 2009

971119 (http://support.microsoft.com/kb/971119/ ) MS09-062: Description of the security update for Microsoft Report Viewer 2008 Service Pack 1 Redistributable Package: October 13, 2009

972221 (http://support.microsoft.com/kb/972221/ ) MS09-062: Description of the security update for Microsoft Visual Studio 2008: October 13, 2009

972222 (http://support.microsoft.com/kb/972222/ ) MS09-062: Description of the security update for Microsoft Visual Studio 2008 Service Pack 1: October 13, 2009

972580 (http://support.microsoft.com/kb/972580/ ) MS09-062: Description of the security update for Office 2003: October 13, 2009

972581 (http://support.microsoft.com/kb/972581/ ) MS09-062: Description of the security update for the 2007 Office system: October 13, 2009

974811 (http://support.microsoft.com/kb/974811/ ) MS09-062: Description of the security update for Office XP: October 13, 2009

973636 (http://support.microsoft.com/kb/973636/ ) MS09-062: Description of the security update for Microsoft Works 8: October 13, 2009

975337 (http://support.microsoft.com/kb/975337/ ) MS09-062: Description of the security update for GDI+ for Microsoft Platform SDK Redistributable: October 13, 2009

975365 (http://support.microsoft.com/kb/975365/ ) MS09-062: Description of the security update for GDI+ for Microsoft Visio 2002: October 13, 2009

975962 (http://support.microsoft.com/kb/975962/ ) MS09-062: Description of the security update for Forefront Client Security on Windows 2000: October 13, 2009

Note In addition to the products listed in the Applies To section, this update also applies to Microsoft Report Viewer Redistributable 2008 SP1.

Back to the top

APPLIES TO

Windows Server 2008 Service Pack 2, when used with:

Windows Server 2008 Datacenter without Hyper-V
Windows Server 2008 Enterprise without Hyper-V
Windows Server 2008 for Itanium-Based Systems
Windows Server 2008 Standard without Hyper-V
Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008

Windows Vista Service Pack 2, when used with:

Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Starter
Windows Vista Ultimate
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Business 64-bit Edition

Windows Vista Service Pack 1, when used with:

Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Starter
Windows Vista Ultimate
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Business 64-bit Edition

Microsoft Windows Server 2003 Service Pack 2, when used with:

Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

Microsoft Windows XP Service Pack 3, when used with:

Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Microsoft Windows XP Service Pack 2, when used with:

Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Microsoft Windows 2000 Service Pack 4

Microsoft Forefront Client Security, when used with:

Microsoft Windows 2000 Service Pack 4

Microsoft Visual Studio Team System 2008 Team Suite
Microsoft Visual Studio 2008 Standard Edition
Microsoft Visual Studio 2008 Professional Edition
Microsoft Visual Studio Team System 2008 Database Edition
Microsoft Visual Studio Team System 2008 Architecture Edition
Microsoft Visual Studio Team System 2008 Development Edition
Microsoft Visual Studio Team System 2008 Test Edition
Microsoft Visual Studio 2008 Service Pack 1, when used with:

Microsoft Visual Studio Team System 2008 Team Suite
Microsoft Visual Studio 2008 Standard Edition
Microsoft Visual Studio 2008 Professional Edition
Microsoft Visual Studio Team System 2008 Database Edition
Microsoft Visual Studio Team System 2008 Architecture Edition
Microsoft Visual Studio Team System 2008 Development Edition
Microsoft Visual Studio Team System 2008 Test Edition

Microsoft Visual Studio 2005 Service Pack 1, when used with:

Microsoft Visual Studio 2005 Team Suite
Microsoft Visual Studio 2005 Standard Edition
Microsoft Visual Studio 2005 Professional Edition
Microsoft Visual Studio 2005 Team Edition for Database Professionals
Microsoft Visual Studio 2005 Team Edition for Software Architects
Microsoft Visual Studio 2005 Team Edition for Software Developers
Microsoft Visual Studio 2005 Team Edition for Software Testers
Microsoft Visual Studio 2005 Tools for the Microsoft Office System

Microsoft Visual Studio .NET 2003 Service Pack 1, when used with:

Microsoft Visual Studio .NET 2003 Enterprise Architect
Microsoft Visual Studio .NET 2003 Enterprise Developer
Microsoft Visual Studio .NET 2003 Professional Edition
Microsoft Visual Basic .NET 2003 Standard Edition
Microsoft Visual C++ .NET 2003 Standard Edition
Microsoft Visual C# .NET 2003 Standard Edition
Microsoft Visual J# .NET 2003 Standard Edition

Microsoft Report Viewer Redistributable 2005 Service Pack 1
Microsoft Report Viewer Redistributable 2008
Microsoft .NET Framework 2.0 Service Pack 1 (x86)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft SQL Server 2005 Service Pack 3, when used with:

Microsoft SQL Server 2005 Standard Edition
Microsoft SQL Server 2005 Enterprise Edition
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition with Advanced Services
Microsoft SQL Server 2005 Developer Edition
Microsoft SQL Server 2005 Standard X64 Edition
Microsoft SQL Server 2005 Enterprise X64 Edition
Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems

Microsoft SQL Server 2005 Service Pack 2, when used with:

Microsoft SQL Server 2005 Developer Edition
Microsoft SQL Server 2005 Enterprise Edition
Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
Microsoft SQL Server 2005 Enterprise X64 Edition
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Standard Edition
Microsoft SQL Server 2005 Standard X64 Edition
Microsoft SQL Server 2005 Developer Edition Community Technology Preview
Microsoft SQL Server 2005 Developer x64 Edition Community Technology Preview
Microsoft SQL Server 2005 Enterprise Edition Community Technology Preview
Microsoft SQL Server 2005 Standard Edition Community Technology Preview
Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems Community Technology Preview
Microsoft SQL Server 2005 Standard x64 Edition Community Technology Preview
Microsoft SQL Server 2005 Workgroup Edition
Microsoft SQL Server 2005 Workgroup Edition Community Technology Preview

Microsoft SQL Server 2000 Service Pack 4

2007 Microsoft Office Suite Service Pack 2, when used with:

Microsoft Office Basic 2007
Microsoft Office Standard 2007
Microsoft Office Professional 2007
Microsoft Office Small Business 2007
Microsoft Office Home and Student 2007
Microsoft Office Enterprise 2007
Microsoft Office Ultimate 2007
Microsoft Office Access 2007
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
Microsoft Office Excel Viewer 2007
Microsoft Office InfoPath 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 (Home and Student version)
Microsoft Office Outlook 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2007 (Home and Student version)
Microsoft Office PowerPoint Viewer 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Standard 2007
Microsoft Office Publisher 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word 2007
Microsoft Office Word 2007 (Home and Student version)
Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Groove 2007