MS04-028 - may require more than a Windows Update

You may see a message, that more products were detected that need updating besides Windows, esp. if you have MS Offfice installed.

One complicating factor on this security update is that many folks don't update Office or other products as closely as we're used to doing with Windows. Microsoft Office, IE, Visual Studio, and other products can process JPEG files. So it's important to update these products in case a malicious JPEG in an email or a website exploits this vulnerability. This is an issue of a vulnerable DLL being used multiple times on the same PC (so Windows, Office, IE, and other products could need patching).

RECOMMENDATIONS:

1. Windows Update - It's recommend you install the latest SP for your OS

http://www.microsoft.com/windowsupdate/

2. Office Security Update - It's recommend you install the latest SP for your version of Office. Also, the Office update could require the original CD, hard drive, or network location to be authenticated.

http://www.microsoft.com/officeupdate

3. Manually patch Individual products as needed (e.g., Visual Studio Net)

You can eventually work these in over time, as there is no current threat I'm aware of. Still, JPEGs or graphics might be a better method of tricking folks than email?

Most of us will only need a Windows and Office update. But you might need SP updates on Office if you've not done this in the past. This one will take more work for home and corporate users to achieve complete safety. It wasn't bad for me, as I keep everything as up-to-date as possible, but the Office Update might be new to some folks.