MS09-062 fixes several vulnerabilities in GDI+ related to image parsing. It also includes a feature which allows administrators to disable parsing for each of the different image formats. This feature was publicly released early this year in an optional GDI+ update available on the Microsoft Download Center, but is now being release as part of this bulletin.
After installing this update, you can selectively turn off each of the image parsers in GDI+. This can be helpful in reducing the attack surface of your computer. For example, if you have no need to display TIFF files on a computer, you can disable just the TIFF parsing in GDI+, reducing your attack surface and susceptibility to any future vulnerabilities in the GDI+ TIFF parsing code.
Below is a table of the parsers in GDI+ that can be disabled, and the registry keys used to disable them:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableBMPCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableGIFCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisablePNGCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableICOCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableJPEGCodec (DWORD) == 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles (DWORD) == 1
* The disable switch for WMF and EMF was present before this update (included for completeness)
When one of these disable switches is activated, any attempts to parse a file of that particular format will return an error, just like the parser would normally return an error if the image file was corrupted.
Some applications might assume that parsing will always succeed, particularly when parsing images installed as part of the application. These applications may not gracefully recover when GDI+ returns the error. For this reason, if you want to use this feature to reduce your attack surface, we recommend first disabling the parsers you don’t plan to use, and then testing the applications you use frequently to make sure they are not adversely affected.
Also note that this feature reduces your attack surface by disabling the GDI+ parser for a particular image format, not all parsers for that image format on your computer. Some applications, including Microsoft applications, do not use GDI+ for image parsing. Those other parsers would not be disabled by these registry keys.
We hope you find this feature, and this post, helpful!
-Kevin Brown, MSRC Engineering
Special thanks to Christopher Leung and Ryan Becker from the Windows Sustained Engineering team.