I have a server running Windows Server 2008.
I do nothing on this server except run a website that uses IIS 7 and SQL Server 2005.
I keep the server current with Microsoft Updates.
I have conducted a scan for PCI Compliance which is telling me I failed because of "Vulnerabilities in GDI+ Could Allow Remote Code Execution"
When I start to look into this it is not clear what I need to do to fix my problem.
Any help and guidance would be appreciated.