Forum Thread: Microsoft Visual C++ Redistributable Package (x86) (64-bit)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

This thread has been marked as locked.
ColdWind Microsoft Visual C++ Redistributable Package (x86) (64-bit)
Member 25th Feb, 2011 01:37
Ranking: 0
Posts: 2
User Since: 25th Feb, 2011
System Score: N/A
Location: CA
I just set up a Laptop for a Customer.
Windows 7 Home Premium 64 bit.
Installed Windows 7 SP1.
Installed Office 2003.
Installed Office 2003 SP3.
Installed (23) Updates for Office 2003.
Installed approximately 14 More updates for Windows.

Installed Secunia PSI.
Results: 99%

It's showing an entry for:
"Microsoft Visual C++ Redistributable Package (x86) (64-bit)"
{how could a file be both (x86) and 64 bit?}
is Version 8.0.50727.762
and that it should be Version 8.0.50727.4053 (msdia80.dll)
(C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia80.dll)

I check my computer (Windows 7 Professional 64 bit)
and the file version for "Microsoft Visual C++ Redistributable Package (x86)" is the same as the one on the customers Laptop (8.0.50727.762).
I check the file "msdia.dll" and version there is also (8.0.50727.762)
So I run a fresh new PSI scan on my computer and I get 100%.

What gives??

I've gone to Windows update Several times and downloaded the Package and installed, and no joy..
I've Googled the exact file name:
"Microsoft Visual C++ Redistributable Package (x86) (64-bit) 8.0.50727.4053" and got right back to Windows Updates and tried it several more times. Still no joy..
I also made sure (KB973923) was installed..
Rebooted & Re-scanned at least 5 times now..

Any Clues anyone?

I hate returning a computer to a customer and have to show them that
they're score is not 100%.

ddmarshall RE: Microsoft Visual C++ Redistributable Package (x86) (64-bit)
Dedicated Contributor 25th Feb, 2011 02:39
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
This is a recurring problem caused by PSI being overcautious. If you have KB973923 installed you are not vulnerable.

You may be able to clear it by installing the full redistributable from the download center. Links to the latest version are maintained in this article:

An explanation of why Windows Update and the Download Center differ can be found in the FAQs of the Security Bulletin

If that doesn't work, restore your 100% rating by renaming the DLL. It's only used in debugging.

Was this reply relevant?
ColdWind RE: Microsoft Visual C++ Redistributable Package (x86) (64-bit)
Member 25th Feb, 2011 03:21
Score: 0
Posts: 2
User Since: 25th Feb 2011
System Score: N/A
Location: CA
Yeah, saw another post on the subject after doing a quick Google search on the Vulnerable DLL (msdia80.dll) in these forums..

I ended up doing the following:

1st - uninstall all instances of "Microsoft Visual C++ 2005 Redistributable Packages"
2nd - Reboot Computer
3rd - Search for "msdia80.dll" > then Delete
4th - Install the two packages downloaded from Microsoft > (Link Below)

Re-scan, Lots of JOY !!

Thanks for the quick reply any way...
Was this reply relevant?

This thread has been marked as locked.