Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Unable to detect upgrade to Visual Studio 2010 SP1

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Visual Studio 2010

This thread has been marked as resolved.
tillo Unable to detect upgrade to Visual Studio 2010 SP1
Member 30th Oct, 2011 10:28
Ranking: 1
Posts: 2
User Since: 7th Jul, 2009
System Score: N/A
Location: N/A
Hello,

I have Windows 7 Ultimate. PSI detected Visual Studio 2010 and flagged it Insecure because of Secunia Advisory SA44912.

After upgrade with Windows Update to 2010 SP1, PSI still detects 2010 because it looks for the following executable : C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\devenv.exe .
While the executable shows version 10.0.40219.1 and names it "Visual Studio 2010", that version corresponds to release 2010 SP1.

Am I wrong?

Post "RE: Unable to detect upgrade to Visual Studio 2010 SP1" has been selected as an answer.
mogs RE: Unable to detect upgrade to Visual Studio 2010 SP1
Expert Contributor 30th Oct, 2011 11:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello tillo !

It may be that detection rules need to be amended.....if that is the case it's likely to be tomorrow before a member of Support looks at it.
Meanwhile it may be worth following this procedure, if not already done so :-
When updating Microsoft Applications, it is a good idea to keep in mind that some Microsoft Updates do not "kick in" until after a reboot. Therefore, it is recommended to try following this procedure when installing Microsoft Updates:

1) Check Microsoft Update: install all security-related patches
2) Reboot
3) Repeat step 1: repeat step 2 if anything was installed at this step
4) Run a full rescan with the PSI


You could also format your request for help using the following :-
http://secunia.com/products/consumer/psi/faq/#q18
Troubleshoot Report

Hope the foregoing is of some help....regards,

--
Was this reply relevant?
+1
-0
tillo RE: Unable to detect upgrade to Visual Studio 2010 SP1
Member 30th Oct, 2011 13:50
Score: 1
Posts: 2
User Since: 7th Jul 2009
System Score: N/A
Location: N/A
I didn't realize there was a Troubleshoot Report, here it is :

----

Program Name:
Microsoft Visual Studio 2010

Security State:
Insecure

Download Link:
http://update.microsoft.com/microsoftupdate/

Missing Microsoft Patches (KB numbers):
KB2565057

Instances Found:
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe, version: 10.0.40219.1

Last System Scan (localtime):
30. Oct 2011, 10:36

Operating System:
Microsoft Windows 7, Microsoft Windows 7

----

It doesn't add much, besides the fact that it mentions a MS patch : KB2565057. And that's the key.

I looked up for it, and found out that it's a security patch that I was missing. Because of the way Windows Update works, the security update appeared only a few moments ago, a while after the upgrade to 2010 SP1.

Anyway, now this case can be considered close, and thank you mogs for your help.

Just a little message to Secunia: I love how PSI can be used by people with little knowledge, but when I look at the details of the "failing" object I see the following message :

"The version detected of Microsoft Visual Studio 2010 was 10.0.40219.1 while the latest version including one or more security fixes is ."

The graphical engine was obviously not made to show an instance where the version is the same one, but a MS security patch (not modifying the version) is needed. This should be fixed, to shown something like:

"The version detected of Microsoft Visual Studio 2010 was the latest, but the following Microsoft Patches are missing: (KB numbers) KB2565057 .

What do you think?
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability