|Websafe||MS Visual C++ 2005 Redistr. Package vulnerable?|
|17th Dec, 2010 20:34|
User Since: 24th May, 2009
System Score: 100%
Just did a full PSI scan (PSI 22.214.171.12401) and under “scan results” Microsoft Visual C++ 2005 Redistributable Package (x86) shows as insecure.
Under “install solution” PSI shows: “Microsoft Update”. However Microsoft Update only gave me an update for Silverlight.
Double clicking brings me to the quick facts which tells me version 8.0.50727.762 is installed and version 8.0.50727.4053 should be installed.
The installation path: C:\Program Files\Common Files\Microsoft Shared\VC brings me to msdia80.dll which is (indeed) version 8.0.50727.762
As online reference PSI links to: http://secunia.com/advisories/35967/ Secunia Advisory SA35967; Release Date 2009-07-28 Last Update 2010-01-12.
In this advisory is also a link to a Microsoft Bulletin Published: July 28, 2009 | Updated: January 12, 2010 link: http://www.microsoft.com/technet/security/Bulletin...
The date of this vulnerability gives me the impression the PSI should have alerted me much earlier (which it didn't) if this is a real vulnerability. In other words I think this is a false-positive.
Anyone else having this issue or someone an idea what this “vulnerability” means?
Have a nice weekend,
|ddmarshall||RE: MS Visual C++ 2005 Redistr. Package vulnerable?|
|17th Dec, 2010 22:08|
User Since: 8th Nov 2008
System Score: 98%
|There was a lot of traffic earlier in the year with a similar problem in the 2008 version. I can't remember 2005 coming up then so I don't know why you've suddenly been notified.
The solution is to install the full version from the Download Center
You won't get that through Windows Update. Microsoft provided an update back in 2009 which didn't replace the whole thing, but as far as I know fixes the vulnerability. You need to do the whole thing to stop PSI bugging you.
This answer is provided “as-is.” You bear the risk of using it.
|Websafe||RE: MS Visual C++ 2005 Redistr. Package vulnerable?|
|18th Dec, 2010 00:02|
User Since: 24th May 2009
System Score: 100%
Thanks for your reply. The download you linked to (Microsoft Visual C++ 2005 Service Pack 1 Redistributable) is already on my hard-disk. De-installed from add/remove program and did a new install of this Service Pack 1.
With success! PSI now shows the MS Visual C++ 2005 Redistr. Package as secure.
Also checked the path: C:\Program Files\Common Files\Microsoft Shared\VC where msdia80.dll now shows up as version 8.0.50727.4053
In fact the PSI was right. Don't understand why I had an outdated version on my machine.
Anyway, many thanks for helping me,