Microsoft Security Bulletin MS04-028 was updated today. We also published a new piece titled GDI+ 1.0 Security Update Overview. To help track the new and upcoming content around this issue, we created a new page on the Security Developer Center. This page links to any articles and information we publish around the issue and I'll add any new resources that I can find. This page also contains a short FAQ about the issue and about side by side deployment. You can get to the page here:
All About GDI+
This page contains information about a newly-discovered, privately reported vulnerability in GDI+. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. This page contains information and links for developers who need to better understand this issue.
I'll probably add more stuff to this page over the next couple of days. If there's anything specific you would like to see, just drop me a note.