Introduction
This update resolves a vulnerability that could allow remote code execution on a client system if a user opens a specially crafted document or visits a specially crafted webpage that embeds TrueType font files.
Summary
Microsoft has released security bulletin MS13-054. To view the complete security bulletin, go to one of the following Microsoft websites:
- Home users:
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now: - IT professionals:
How to obtain help and support for this security update
Help installing updates: Support for Microsoft UpdateSecurity solutions for IT professionals: TechNet Security Troubleshooting and Support
Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
Local support according to your country: International Support
More information about this security update
Download information
This update is available for download from the Microsoft Download Center:Windows XP Service Pack 3 (32-bit)
Windows XP Professional Service Pack 2 (64-bit)
Windows Server 2003 Service Pack 2 (32-bit)
Windows Server 2003 Service Pack 2 (64-bit)
Windows Server 2003 Service Pack 2 (IA-64)
Windows Vista Service Pack 2 (32-bit)
Windows Vista Service Pack 2 (64-bit)
Windows Server 2008 Service Pack 2 (32-bit)
Windows Server 2008 Service Pack 2 (64-bit)
Windows Server 2008 Service Pack 2 (IA-64)
Windows Server 2008 Service Pack 2 (Server Core) (32-bit)
Windows Server 2008 Service Pack 2 (Server Core) (64-bit)
Windows 7 Service Pack 1 (32-bit)
Windows 7 Service Pack 1 (64-bit)
Windows Server 2008 R2 Service Pack 1 (64-bit)
Windows Server 2008 R2 Service Pack 1 (Server Core) (64-bit)
Windows Server 2008 R2 Service Pack 1 (IA-64)
Windows XP Professional Service Pack 2 (64-bit)
Windows Server 2003 Service Pack 2 (32-bit)
Windows Server 2003 Service Pack 2 (64-bit)
Windows Server 2003 Service Pack 2 (IA-64)
Windows Vista Service Pack 2 (32-bit)
Windows Vista Service Pack 2 (64-bit)
Windows Server 2008 Service Pack 2 (32-bit)
Windows Server 2008 Service Pack 2 (64-bit)
Windows Server 2008 Service Pack 2 (IA-64)
Windows Server 2008 Service Pack 2 (Server Core) (32-bit)
Windows Server 2008 Service Pack 2 (Server Core) (64-bit)
Windows 7 Service Pack 1 (32-bit)
Windows 7 Service Pack 1 (64-bit)
Windows Server 2008 R2 Service Pack 1 (64-bit)
Windows Server 2008 R2 Service Pack 1 (Server Core) (64-bit)
Windows Server 2008 R2 Service Pack 1 (IA-64)
Restart information
You must restart the computer after you install this security update.Removal information
Note We do not recommend that you remove any security update.For Windows XP, Windows XP Professional x64 Edition, and Windows Server 2003
To remove this security update, use the Add or Remove Programs item in Control Panel.Additionally, you can use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB2834886$\Spuninst folder.
For Windows Vista or Windows Server 2008 and later versions
To remove an update installed by Windows Update Stand-alone Installer (Wusa.exe), use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates. Then, select from the list of updates.Security update replacement information
This security update replaces MS12-034: Description of the security update for Windows GDI+: May 8, 2012 .Windows XP and Windows Server 2003 file information notes
- In addition to the files that are listed in these tables, this hotfix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.
For all supported x86-based versions of Windows XP
File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
---|---|---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 10-Apr-2013 | 10:45 | x86 | None | Not Applicable |
Gdiplus.man | Not Applicable | 398 | 10-Apr-2013 | 10:46 | Not Applicable | None | Not Applicable |
Gdiplus.man | Not Applicable | 608 | 10-Apr-2013 | 10:46 | Not Applicable | None | Not Applicable |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 10-Apr-2013 | 10:45 | x86 | SP3 | SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 398 | 10-Apr-2013 | 10:46 | Not Applicable | SP3 | SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 608 | 10-Apr-2013 | 10:46 | Not Applicable | SP3 | SP3QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS |
For all supported x86-based versions of Windows Server 2003
File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
---|---|---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 13-Apr-2013 | 02:51 | x86 | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 398 | 13-Apr-2013 | 02:52 | Not Applicable | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 608 | 05-Apr-2013 | 10:03 | Not Applicable | SP2 | SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS |
For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 Edition
File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
---|---|---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.23084 | 2,193,408 | 13-Apr-2013 | 15:35 | x64 | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 400 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 612 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 13-Apr-2013 | 15:35 | x86 | SP2 | SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 398 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 608 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS |
For all supported IA-64-based versions of Windows Server 2003
File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
---|---|---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.23084 | 4,912,128 | 13-Apr-2013 | 15:35 | IA-64 | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 399 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 610 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 13-Apr-2013 | 15:35 | x86 | SP2 | SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 398 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS |
Gdiplus.man | Not Applicable | 608 | 13-Apr-2013 | 15:35 | Not Applicable | SP2 | SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS |
Windows Vista and Windows Server 2008 file information notes
- The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version Product Milestone Service branch 6.0.6002.18xxx Windows Vista SP2 and Windows Server 2008 SP2 SP2 GDR 6.0.6002.23xxx Windows Vista SP2 and Windows Server 2008 SP2 SP2 LDR - Service Pack 1 is integrated into the original release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
- GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
- The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Vista and of Windows Server 2008
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.18813 | 1,748,992 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 03-Apr-2013 | 02:27 | x86 |
Gdiplus.dll | 6.0.6002.18813 | 1,838,592 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 6.0.6002.23084 | 1,838,592 | 03-Apr-2013 | 02:27 | x86 |
For all supported x64-based versions of Windows Vista and of Windows Server 2008
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.18813 | 2,192,896 | 03-Apr-2013 | 04:15 | x64 |
Gdiplus.dll | 5.2.6002.23084 | 2,193,408 | 03-Apr-2013 | 03:40 | x64 |
Gdiplus.dll | 6.0.6002.18813 | 2,424,320 | 03-Apr-2013 | 04:15 | x64 |
Gdiplus.dll | 6.0.6002.23084 | 2,424,320 | 03-Apr-2013 | 03:40 | x64 |
Gdiplus.dll | 5.2.6002.18813 | 1,748,992 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 03-Apr-2013 | 02:27 | x86 |
Gdiplus.dll | 6.0.6002.18813 | 1,838,592 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 6.0.6002.23084 | 1,838,592 | 03-Apr-2013 | 02:27 | x86 |
For all supported IA-64-based versions of Windows Server 2008
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.6002.18813 | 4,911,104 | 03-Apr-2013 | 03:32 | IA-64 |
Gdiplus.dll | 5.2.6002.23084 | 4,912,128 | 03-Apr-2013 | 02:19 | IA-64 |
Gdiplus.dll | 6.0.6002.18813 | 5,266,944 | 03-Apr-2013 | 03:32 | IA-64 |
Gdiplus.dll | 6.0.6002.23084 | 5,266,944 | 03-Apr-2013 | 02:19 | IA-64 |
Gdiplus.dll | 5.2.6002.18813 | 1,748,992 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 5.2.6002.23084 | 1,748,992 | 03-Apr-2013 | 02:27 | x86 |
Gdiplus.dll | 6.0.6002.18813 | 1,838,592 | 03-Apr-2013 | 03:56 | x86 |
Gdiplus.dll | 6.0.6002.23084 | 1,838,592 | 03-Apr-2013 | 02:27 | x86 |
Windows 7 and Windows Server 2008 R2 file information notes
- The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Version Product Milestone Service branch 6.1.7601.18xxx Windows 7 and Windows Server 2008 R2 SP1 GDR 6.1.7601.22xxx Windows 7 and Windows Server 2008 R2 SP1 LDR - The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows 7
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.7601.18120 | 1,723,392 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 5.2.7601.22290 | 1,723,392 | 03-Apr-2013 | 04:25 | x86 |
Gdiplus.dll | 6.1.7601.18120 | 1,625,088 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 6.1.7601.22290 | 1,626,112 | 03-Apr-2013 | 04:25 | x86 |
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.7601.18120 | 2,293,248 | 03-Apr-2013 | 05:46 | x64 |
Gdiplus.dll | 5.2.7601.22290 | 2,293,248 | 03-Apr-2013 | 05:16 | x64 |
Gdiplus.dll | 6.1.7601.18120 | 2,165,760 | 03-Apr-2013 | 05:46 | x64 |
Gdiplus.dll | 6.1.7601.22290 | 2,166,272 | 03-Apr-2013 | 05:16 | x64 |
Gdiplus.dll | 5.2.7601.18120 | 1,723,392 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 5.2.7601.22290 | 1,723,392 | 03-Apr-2013 | 04:25 | x86 |
Gdiplus.dll | 6.1.7601.18120 | 1,625,088 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 6.1.7601.22290 | 1,626,112 | 03-Apr-2013 | 04:25 | x86 |
For all supported IA-64-based versions of Windows Server 2008 R2
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Gdiplus.dll | 5.2.7601.18120 | 4,923,392 | 03-Apr-2013 | 04:30 | IA-64 |
Gdiplus.dll | 5.2.7601.22290 | 4,923,392 | 03-Apr-2013 | 04:23 | IA-64 |
Gdiplus.dll | 6.1.7601.18120 | 4,602,368 | 03-Apr-2013 | 04:30 | IA-64 |
Gdiplus.dll | 6.1.7601.22290 | 4,603,904 | 03-Apr-2013 | 04:23 | IA-64 |
Gdiplus.dll | 5.2.7601.18120 | 1,723,392 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 5.2.7601.22290 | 1,723,392 | 03-Apr-2013 | 04:25 | x86 |
Gdiplus.dll | 6.1.7601.18120 | 1,625,088 | 03-Apr-2013 | 04:50 | x86 |
Gdiplus.dll | 6.1.7601.22290 | 1,626,112 | 03-Apr-2013 | 04:25 | x86 |