Consider the following scenario. You develop an application that uses Microsoft Windows GDI+ API functions. You use the application in Windows Server 2008, in Windows Vista, in Windows Server 2003, or in Windows XP. In this scenario, when you use the application to display or to print Japanese full-width (zenkaku) characters, the Unicode hyphen character (U+2010) is not drawn.

For example, you use a hyphen (-) to separate some digits as follows:

1-2-3A

However, when the characters are displayed or printed by the application that uses GDI+ API functions, you see the following string:

123A

Note: This problem does not occur when the application uses Graphics Device Interface (GDI) API functions.

Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images. Keep reading →

Consider the following scenario:

1. An application uses GDI+ to print images to a color printer in one of the following Microsoft operating systems:
   • Windows Server 2003
   • Windows Vista
   • Windows Server 2008
2. The printer uses an Image Color Matching (ICM) color profile for color matching.

In this scenario, the color profile is not applied to the output. This may cause the colors of the image that is printed to differ from your expectations.

Note: This problem does not occur on Windows XP-based computers.

Description: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Keep reading →

Graphics Device Interface: A Microsoft Windows interface for representing graphical objects and transmitting them to output devices such as monitors and printers.

On a computer that is running Microsoft Windows XP, Microsoft Windows Server 2003, or Windows Vista, you use an exclusionary clipping region in a Graphics Device Interface (GDI+) application. In the application, the right edge or the lower edge of the region can be drawn. However, you expect that these edges cannot be drawn.

This problem occurs if the following conditions are true:

• The Pen class has an alpha component
• The value of the alpha component is less than 255.

This problem does not occur when the value of the alpha component is 255.

Note: An exclusionary clipping region is a region that cannot be drawn. You can only draw in the area that is outside this region.

Description: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Keep reading →

Microsoft today released an update for the recently popular ‘animated cursor’ vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn’t just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000. Keep reading →