What is NetIQ's recommendation with regards to the GDIPlus.DLL vulnerability in Security Manager 5.0?
Security Manager 5.00
Security Manager 5.0 SP1
GDIPlus.DLL (GDI+) version 5.1.3097.0 in Security Manager 5.0
The NetIQ Security Manager (SM) install contains a GDIPlus.DLL (GDI+) version 5.1.3097.0 in the following locations:
<installfolder>\OnePoint\InstallService (Central computers only)
Although the SM copy of GDI+ should not cause any vulnerability in your environment, you can safely replace it with GDIPlus.DLLversion 5.1.3102.1355 as recommended by Microsoft. Future versions of SM will only contain the 5.1.3102.1355 or higher version of this DLL.
For more information about this vulnerability and access to the security update, please visit Microsoft TechNet: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx