Forum Thread: claimed update to vcredist vc80

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
bonta768 claimed update to vcredist vc80
Member 20th Feb, 2011 04:56
Ranking: 0
Posts: 2
User Since: 20th Feb, 2011
System Score: N/A
Location: AU
I get this message:

"Microsoft Visual C 2005 Redistributable Package (x86) (64-bit) 1 Insecure 8.0.50727.762 8.0.50727.4053 Microsoft Update
Detected Instances:
C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll, version 8.0.50727.762

Latest Version - patching one or more vulnerabilities:
8.0.50727.4053"

And yet when I go to Microsoft Update there is no update to download. What next?

puget1 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 06:29
Score:
Posts: 583
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 20th Feb, 2011 07:10
Here is the update information with download: http://microsoft-visual-c-2005-atl-update.updatest...
You will either have to remove the old exe/dill or label it old.

Here is additional information:http://find.searchassist.com/landing.jsf?p=cnksver...

This is actually a very old update back in 2009. May I ask what browser you are running and what O.S.?

--
Windows 10 64bit

There is No magic bullet in computing; only work a rounds.
















Was this reply relevant?
+1
-0
Maurice Joyce RE: claimed update to vcredist vc80
Handling Contributor 20th Feb, 2011 10:40
Score: 12086
Posts: 9,372
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 20th Feb, 2011 10:45
Navigate to here:

C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll.

Can U also see MSDIA90.DLL?

If so right click on MSDIA80.DLL & rename it MSDIA80.DLL_OLD

Complete a full PSI rescan & all will be in order.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1607
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
bonta768 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 20:21
Score: 0
Posts: 2
User Since: 20th Feb 2011
System Score: N/A
Location: AU
I am running Windows 7 Professional 64bit, and the latest Chrome browser. It would make a bit more sense if it was a 'left over'. Ill check that.
Was this reply relevant?
+0
-0
ddmarshall RE: claimed update to vcredist vc80
Dedicated Contributor 20th Feb, 2011 21:38
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Downloading and running vcredist_x64.exe from http://www.microsoft.com/downloads/en/details.aspx... sometimes fixes this problem.
But there is no actual vulnerability if all MS updates are applied.

--
Was this reply relevant?
+0
-0
puget1 RE: claimed update to vcredist vc80
Member 20th Feb, 2011 23:19
Score:
Posts: 583
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 20th Feb, 2011 23:28
Having no vulnerabilities, if all updates are applied is sort of what I understood. ddmarshall is correct. So, if you can match your KB's to the MS bulletin MS09-035 you should be o.k.. I assume that it is PSI that is advising you of this insecurity? If so, then you can believe that the vulnerability does exist. Pay close attention to thisAdditional Information
Please see the Knowledge Base Articles KB973544 for more information.
Top of page
Related Resources

*
Knowledge Base Article 973544

What Others Are Downloading

*
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
*
Microsoft Visual C++ 2005 Redistributable Package (x86)
*
Microsoft Visual C++ 2010 Redistributable Package (x86)
*
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
*
Microsoft Visual C++ 2008 Redistributable Package (x86)

Related Downloads

*
Visual Studio .NET 2003 Service Pack 1 ATL Security Update
*
Visual Studio 2008 ATL Security Update
*
Visual Studio 2008 Service Pack 1 ATL Security Update



--
Windows 10 64bit

There is No magic bullet in computing; only work a rounds.
















Was this reply relevant?
+1
-0
ddmarshall RE: claimed update to vcredist vc80
Dedicated Contributor 20th Feb, 2011 23:50
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Here's a quote from the security bulletin:

The full versions of the fixed Visual C++ 2005 and 2008 redistributable packages (KB973544, KB973551, and KB973552) are listed on the Microsoft Download Center only as these are full new versions of the products. The updates listed on SMS, SCCM, WSUS, and MU (KB973923, KB9739234) are updates only for customers who have previously installed vulnerable versions of the Visual C++ redistributable packages. These updates are not the versions on the download center. Microsoft does not recommend customers redistribute any version other than the full versions that can be downloaded from the Microsoft Download Center (KB973544, KB973551, and KB973552).

My interpretation of this is that you needn't bother downloading the full redistributable unless you intend to redistribute it again yourself.

Anybody with time to spare can read a lot more of Microsoft's impenetrable prose here http://www.microsoft.com/technet/security/bulletin...

--
Was this reply relevant?
+1
-0
puget1 RE: claimed update to vcredist vc80
Member 21st Feb, 2011 19:23
Score:
Posts: 583
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 21st Feb, 2011 19:38
Here is a little something that may help in ruling out possible downloads. It is from Maurice Joyce. It may also trigger MS to analyze your system and help auto-update:http://technet.microsoft.com/en-us/security/cc1849...

--
Windows 10 64bit

There is No magic bullet in computing; only work a rounds.
















Was this reply relevant?
+0
-0

This thread has been marked as locked.