Hi

Davidlock, I think you did understand correctly. There are two interesting points of
view here:

Assume a certain function in some system DLL does have a security issue (vulnerability).
If an executable is linked dynamically, it will be affected by the vulnerability as long as that
system DLL is not patched. A statically linked executable will "always" be vulnerable.

Assume an API has been "hooked" by some kind of rootkit, such that a certain function
in a DLL is not doing what is expected. Then your dynamically linked executable is
affected (as in your example); however, there is a chance that your static executable is not.

There are advantages and disadvantages in both cases (related in this context, the "GDI-hell"
in September 2004 might be worth mentioning).

Cheers.