How to pass a vulnerability scan for GDI+

I have a server running Windows Server 2008.
I do nothing on this server except run a website that uses IIS 7 and SQL Server 2005.
I keep the server current with Microsoft Updates.
I have conducted a scan for PCI Compliance which is telling me I failed because of "Vulnerabilities in GDI+ Could Allow Remote Code Execution".

When I start to look into this it is not clear what I need to do to fix my problem.

Any help and guidance would be appreciated.
GenesisTech Asked:

McKnife Commented:
If you Google "Vulnerabilities in GDI+ Could Allow Remote Code Execution", you'll find that this is the title of more than one security advisory by Microsoft. This simply means that the scanning software thinks you need to install some patches against that vulnerability. Do that. Best would be to install all patches there are, simply by running Windows Update.
GenesisTech (Author) Commented:
McKnife - As I stated in my question, I have already run Windows Update and all updates have been installed.

So, why does it fail the scan and how do I know what I need to install?
it_saige (Developer) Commented:
Which PCI scanner are you using?

-saige-
GenesisTech (Author) Commented:
Trustwave
McKnife Commented:
Maybe the scan is just faulty. It might detect absent patches because it itself is outdated.
Let me explain: Some detection software that was engineered in August 2015 might not be able to detect the presence/absence of patches that are newer than August 2015. It might just "say": I don't know that file version that I have detected (which might be newer=higher), but my catalogue says, if the version is not 1.1, it is insecure, so it must be.

You should ask the support of the scanner what that behavior could mean.
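
An added example, not part of the thread or any poster's code: a PowerShell inventory of every gdiplus.dll on the server and of the installed updates, to compare against the file version and KB numbers in the scan report or to hand to the scanner's support. The search roots, the output file names and the `$minimumFixed` placeholder are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 2.0+ prompt.
# Assumption: the finding is keyed on a gdiplus.dll file version, as suggested above.

# Placeholder: set to the fixed file version named in the advisory that your
# scan report cites, as a [version] value. Left as $null, no copy is flagged.
$minimumFixed = $null

# Hypothetical search roots; add any other drive where applications are installed.
$roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

# Every copy of the GDI+ library on disk, with its numeric file version.
# Versions are compared in order (-lt), not by equality with one known value.
$copies = Get-ChildItem -Path $roots -Filter gdiplus.dll -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi  = $_.VersionInfo
        $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $_ | Select-Object @{n='Version';    e={ $ver }},
                           @{n='BelowFixed'; e={ if ($minimumFixed) { $ver -lt $minimumFixed } else { 'n/a' } }},
                           @{n='Path';       e={ $_.FullName }},
                           LastWriteTime
    } | Sort-Object Version

# Oldest versions sort first; these are the copies a scanner is most likely to flag.
$copies | Format-Table -AutoSize -Wrap
$copies | Export-Csv "$env:TEMP\gdiplus-inventory.csv" -NoTypeInformation

# Installed updates, to set beside the KB numbers listed in the scanner's finding.
Get-HotFix | Sort-Object HotFixID |
    Select-Object HotFixID, Description, InstalledOn |
    Export-Csv "$env:TEMP\installed-hotfixes.csv" -NoTypeInformation
```

A copy outside the Windows directory belongs to whichever application installed it, so its path shows which product's updates to check.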
