Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Visual C++ 2008 Redistributable Package 9.0.21022.218 s...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Visual C++ 2008 Redistributable Package

This thread has been marked as locked.
Minkus Microsoft Visual C++ 2008 Redistributable Package 9.0.21022.218 showing as 'Vulnerable' when it is not
Member 12th Aug, 2010 14:13
Ranking: 0
Posts: 2
User Since: 27th Jul, 2010
System Score: N/A
Location: UK
Hi,

I am receiving the following error on Secunia PSI:

Microsoft Visual C++ 2008 Redistributable Package 9.0.21022.218

This installation of Microsoft Visual C++ 2008 Redistributable Package is insecure and potentially exposes your system to security threats!

Installation Path: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll

The 'fix' section sends me to the following site:
http://www.microsoft.com/downloads/details.aspx?fa...
which contains 'Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update'.

However on installing this package, the issue remains. I have all the latest Windows Updates installed.

Having done some investigation, I believe that this may be because there are *two* VS 2008 updates available for MS09-035 - KB973551 and KB973552. The first is for Visual Studio 2008 RTM, and the second is for Visual Studio 2008 SP1. According to KB973551, the file version I have installed is secure (msdia90.dll 9.0.21022.218 668,992 12-Jul-2009 0:5 2), but Secunia is not detecting it as so. Please could you update the rules so that this file version is detected as secure, as well as the SP1 version (msdia90.dll 9.0.30729.4148 670,016 12-Jul-2009 12 :11)

Kind regards,
Chris Hill

This user no longer exists RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.21022.218 showing as 'Vulnerable' when it is not
Member 12th Aug, 2010 14:40
Hi,

Most Microsoft updates don't "kick in" (Including changes in version numbers) before a reboot. Therefore, the best procedure when having problems with Microsoft Updates is to:

1) Install all available patches from Microsoft Update (click the solution button in the PSI)
2) Reboot
3) If any patches were installed, check Microsoft update again.
4) If any patches was installed this time, restart from step 2.
5) Rescan with the PSI

Hope this helps.
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.21022.218 showing as 'Vulnerable' when it is not
Expert Contributor 12th Aug, 2010 16:31
Score: 2445
Posts: 3,337
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Aug, 2010 16:34

Hello Chris ,

If Emil's suggestions do not work for you , then if you click on the Microsoft Visual C++ .... link at the top right of this page , just above the heading to your thread you will find all the other threads dealing with your topic .

It may not be so simple as asking Emil to change the detection rules . You will need to browse trough to find an example which corresponds to your situation and the required response/solution (?) .

After perusal ,If you are sure it is a simple rule problem , come back here .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer