MS13-054: Description of the security update for Windows GDI+: July 9, 2013


View products that this article applies to.

Introduction

This update resolves a vulnerability that could allow remote code execution on a client system if a user opens a specially crafted document or visits a specially crafted webpage that embeds TrueType font files.

Summary

Microsoft has released security bulletin MS13-054. To view the complete security bulletin, go to one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Download information

This update is available for download from the Microsoft Download Center:
Windows XP Service Pack 3 (32-bit)

Windows XP Professional Service Pack 2 (64-bit)

Windows Server 2003 Service Pack 2 (32-bit)

Windows Server 2003 Service Pack 2 (64-bit)

Windows Server 2003 Service Pack 2 (IA-64)

Windows Vista Service Pack 2 (32-bit)

Windows Vista Service Pack 2 (64-bit)

Windows Server 2008 Service Pack 2 (32-bit)

Windows Server 2008 Service Pack 2 (64-bit)

Windows Server 2008 Service Pack 2 (IA-64)

Windows Server 2008 Service Pack 2 (Server Core) (32-bit)

Windows Server 2008 Service Pack 2 (Server Core) (64-bit)

Windows 7 Service Pack 1 (32-bit)

Windows 7 Service Pack 1 (64-bit)

Windows Server 2008 R2 Service Pack 1 (64-bit)

Windows Server 2008 R2 Service Pack 1 (Server Core) (64-bit)

Windows Server 2008 R2 Service Pack 1 (IA-64)


Restart information

You must restart the computer after you install this security update.

Removal information

Note We do not recommend that you remove any security update.
For Windows XP, Windows XP Professional x64 Edition, and Windows Server 2003
To remove this security update, use the Add or Remove Programs item in Control Panel.

Additionally, you can use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB2834886$\Spuninst folder.
For Windows Vista or Windows Server 2008 and later versions
To remove an update installed by Windows Update Stand-alone Installer (Wusa.exe), use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates. Then, select from the list of updates.

Security update replacement information

This security update replaces MS12-034: Description of the security update for Windows GDI+: May 8, 2012 .
Windows XP and Windows Server 2003 file information notes
  • In addition to the files that are listed in these tables, this hotfix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Gdiplus.dll5.2.6002.230841,748,99210-Apr-201310:45x86NoneNot Applicable
Gdiplus.manNot Applicable39810-Apr-201310:46Not ApplicableNoneNot Applicable
Gdiplus.manNot Applicable60810-Apr-201310:46Not ApplicableNoneNot Applicable
Gdiplus.dll5.2.6002.230841,748,99210-Apr-201310:45x86SP3SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable39810-Apr-201310:46Not ApplicableSP3SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable60810-Apr-201310:46Not ApplicableSP3SP3QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
For all supported x86-based versions of Windows Server 2003
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Gdiplus.dll5.2.6002.230841,748,99213-Apr-201302:51x86SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable39813-Apr-201302:52Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable60805-Apr-201310:03Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 Edition
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Gdiplus.dll5.2.6002.230842,193,40813-Apr-201315:35x64SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable40013-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable61213-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
Gdiplus.dll5.2.6002.230841,748,99213-Apr-201315:35x86SP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable39813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable60813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS
For all supported IA-64-based versions of Windows Server 2003
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Gdiplus.dll5.2.6002.230844,912,12813-Apr-201315:35IA-64SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable39913-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable61013-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
Gdiplus.dll5.2.6002.230841,748,99213-Apr-201315:35x86SP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable39813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
Gdiplus.manNot Applicable60813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS
Windows Vista and Windows Server 2008 file information notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.

    VersionProductMilestoneService branch
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • Service Pack 1 is integrated into the original release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

For all supported x86-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
For all supported x64-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.6002.188132,192,89603-Apr-201304:15x64
Gdiplus.dll5.2.6002.230842,193,40803-Apr-201303:40x64
Gdiplus.dll6.0.6002.188132,424,32003-Apr-201304:15x64
Gdiplus.dll6.0.6002.230842,424,32003-Apr-201303:40x64
Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
For all supported IA-64-based versions of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.6002.188134,911,10403-Apr-201303:32IA-64
Gdiplus.dll5.2.6002.230844,912,12803-Apr-201302:19IA-64
Gdiplus.dll6.0.6002.188135,266,94403-Apr-201303:32IA-64
Gdiplus.dll6.0.6002.230845,266,94403-Apr-201302:19IA-64
Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
Windows 7 and Windows Server 2008 R2 file information notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    VersionProductMilestoneService branch
    6.1.7601.18xxxWindows 7 and Windows Server 2008 R2 SP1GDR
    6.1.7601.22xxxWindows 7 and Windows Server 2008 R2SP1LDR

  • The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

For all supported x86-based versions of Windows 7
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.7601.181202,293,24803-Apr-201305:46x64
Gdiplus.dll5.2.7601.222902,293,24803-Apr-201305:16x64
Gdiplus.dll6.1.7601.181202,165,76003-Apr-201305:46x64
Gdiplus.dll6.1.7601.222902,166,27203-Apr-201305:16x64
Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86
For all supported IA-64-based versions of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatform
Gdiplus.dll5.2.7601.181204,923,39203-Apr-201304:30IA-64
Gdiplus.dll5.2.7601.222904,923,39203-Apr-201304:23IA-64
Gdiplus.dll6.1.7601.181204,602,36803-Apr-201304:30IA-64
Gdiplus.dll6.1.7601.222904,603,90403-Apr-201304:23IA-64
Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86


Applies to

This article applies to the following:
  • Windows 7 Service Pack 1
  • Windows Server 2008 R2 Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Server 2008 Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2