To function appropriately, the Forefront Client Security anti-malware agent requires that GDI+ is installed. However, GDI+ is not present on Microsoft Windows 2000 Service Pack 4. For this is reason, Forefront Client Security client setup installs Gdiplus.dll into the anti-malware subdirectory on a Windows 2000 SP4-based computer. Bulletin MS08-052 states that Windows 2000 Service Pack 4 is non-affected software. Therefore, this security update is required to resolve the vulnerabilities that are introduced by the deployment of Forefront Client Security in Windows 2000 Service Pack 4.
This update only applies to Windows 2000 Service Pack 4, and this update only updates the Gdiplus.dll that is deployed by the Forefront Client Security client setup. If a Windows 2000-based computer together with Forefront Client Security has additional vulnerable GDI+ libraries that other software packages install, this installation does not update those GDI+ libraries.
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000