navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: claimed update to vcredist vc80

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
bonta768 claimed update to vcredist vc80
Member 20th Feb, 2011 04:56
Ranking: 0
Posts: 2
User Since: 20th Feb, 2011
System Score: N/A
Location: AU
I get this message:

"Microsoft Visual C 2005 Redistributable Package (x86) (64-bit) 1 Insecure 8.0.50727.762 8.0.50727.4053 Microsoft Update
Detected Instances:
C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll, version 8.0.50727.762

Latest Version - patching one or more vulnerabilities:
8.0.50727.4053"

And yet when I go to Microsoft Update there is no update to download. What next?

puget1 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 06:29
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 20th Feb, 2011 07:10
Here is the update information with download: http://microsoft-visual-c-2005-atl-update.updatest...
You will either have to remove the old exe/dill or label it old.

Here is additional information:http://find.searchassist.com/landing.jsf?p=cnksver...

This is actually a very old update back in 2009. May I ask what browser you are running and what O.S.?

--
Gone to Linux permanetly












Was this reply relevant?
+1
-0
Maurice Joyce RE: claimed update to vcredist vc80
Handling Contributor 20th Feb, 2011 10:40
Score: 11822
Posts: 9,071
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 20th Feb, 2011 10:45
Navigate to here:

C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll.

Can U also see MSDIA90.DLL?

If so right click on MSDIA80.DLL & rename it MSDIA80.DLL_OLD

Complete a full PSI rescan & all will be in order.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
bonta768 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 20:21
Score: 0
Posts: 2
User Since: 20th Feb 2011
System Score: N/A
Location: AU
I am running Windows 7 Professional 64bit, and the latest Chrome browser. It would make a bit more sense if it was a 'left over'. Ill check that.
Was this reply relevant?
+0
-0
ddmarshall RE: claimed update to vcredist vc80
Dedicated Contributor 20th Feb, 2011 21:38
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Downloading and running vcredist_x64.exe from http://www.microsoft.com/downloads/en/details.aspx... sometimes fixes this problem.
But there is no actual vulnerability if all MS updates are applied.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
puget1 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 23:19
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 20th Feb, 2011 23:28
Having no vulnerabilities, if all updates are applied is sort of what I understood. ddmarshall is correct. So, if you can match your KB's to the MS bulletin MS09-035 you should be o.k.. I assume that it is PSI that is advising you of this insecurity? If so, then you can believe that the vulnerability does exist. Pay close attention to thisAdditional Information
Please see the Knowledge Base Articles KB973544 for more information.
Top of page
Related Resources

*
Knowledge Base Article 973544

What Others Are Downloading

*
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
*
Microsoft Visual C++ 2005 Redistributable Package (x86)
*
Microsoft Visual C++ 2010 Redistributable Package (x86)
*
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
*
Microsoft Visual C++ 2008 Redistributable Package (x86)

Related Downloads

*
Visual Studio .NET 2003 Service Pack 1 ATL Security Update
*
Visual Studio 2008 ATL Security Update
*
Visual Studio 2008 Service Pack 1 ATL Security Update



--
Gone to Linux permanetly












Was this reply relevant?
+1
-0
ddmarshall RE: claimed update to vcredist vc80
Dedicated Contributor 20th Feb, 2011 23:50
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Here's a quote from the security bulletin:

The full versions of the fixed Visual C++ 2005 and 2008 redistributable packages (KB973544, KB973551, and KB973552) are listed on the Microsoft Download Center only as these are full new versions of the products. The updates listed on SMS, SCCM, WSUS, and MU (KB973923, KB9739234) are updates only for customers who have previously installed vulnerable versions of the Visual C++ redistributable packages. These updates are not the versions on the download center. Microsoft does not recommend customers redistribute any version other than the full versions that can be downloaded from the Microsoft Download Center (KB973544, KB973551, and KB973552).

My interpretation of this is that you needn't bother downloading the full redistributable unless you intend to redistribute it again yourself.

Anybody with time to spare can read a lot more of Microsoft's impenetrable prose here http://www.microsoft.com/technet/security/bulletin...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
puget1 RE: claimed update to vcredist vc80
Member 21st Feb, 2011 19:23
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 21st Feb, 2011 19:38
Here is a little something that may help in ruling out possible downloads. It is from Maurice Joyce. It may also trigger MS to analyze your system and help auto-update:http://technet.microsoft.com/en-us/security/cc1849...

--
Gone to Linux permanetly












Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+