Forum Thread: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Visual C++ 2008 Redistributable Package

This thread has been marked as locked.
brow416 Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 18th Apr, 2011 17:58
Ranking: 0
Posts: 3
User Since: 19th Aug, 2009
System Score: N/A
Location: N/A
This program is appearing as needing a fix even afterrunning Windows Update for Win7.

According to this MS page, http://support.microsoft.com/kb/2467174, it appears I am up to date.

The Secunia PSI Quick Facts page says: "The version detected of Microsoft Visual C++ 2008 Redistributable Package was 9.0.30729.5570 while the latest version including one or more security fixes is ."

Notice nothing but a period is given for the latest version.

I am running 64-bit Win7. Secunia is list both the 32-bit and 64-bit versions of 9.0.30729.5570 as insecure.

Thanks, Clint

---START---

Program Name:
Microsoft Visual C++ 2008 Redistributable Package

Security State:
Insecure

Download Link:
http://update.microsoft.com/microsoftupdate/

Missing Microsoft Patches (KB numbers):
KB2467175

Instances Found:
C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia90.dll, version: 9.0.30729.5570

Last System Scan (localtime):
17. Apr 2011, 22:58

Operating System:
Microsoft Windows 7,

---END---

This user no longer exists RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 19th Apr, 2011 09:48
Hi,

Have you tried walking through this item of our FAQ?
http://secunia.com/vulnerability_scanning/personal...
Was this reply relevant?
+0
-0
brow416 RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 20th Apr, 2011 01:08
Score: 0
Posts: 3
User Since: 19th Aug 2009
System Score: N/A
Location: N/A
In response to E. Petersen's reply...

--- Quote ---

Have you tried walking through this item of our FAQ?
http://secunia.com/vulnerability_scanning/personal...

--- End Quote ---

I had not gone through that part of the FAQ before starting this thread. After reading it, I don't think it addresses the problem. I'm able to establish the internet connection with Secunia, and I don't want to uninstall and reinstall Windows 7 in order to make the Secunia report go away.

I think there's something missing in the Secunia DB for this particular release of the C++ package. Otherwise, there would be a superseding version number given in this message:

"The version detected of Microsoft Visual C++ 2008 Redistributable Package was 9.0.30729.5570 while the latest version including one or more security fixes is ."

Thanks, Clint
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 20th Apr, 2011 08:46
Hi,

It seems I linked you to the wrong FAQ item. You are correct, it would not have helped. My bad.

This is what I had intended to give you: http://secunia.com/vulnerability_scanning/personal...

Try this and see if it helps. :)
Was this reply relevant?
+0
-0
brow416 RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 20th Apr, 2011 17:01
Score: 0
Posts: 3
User Since: 19th Aug 2009
System Score: N/A
Location: N/A
Hello Emil,

I didn't read this FAQ earlier, but I'd already done what it asks (for the most part). I hadn't done a full scan, but had rescanned for the individual item. As I recall, since it's an item updated by Windows Update, there was a statement that said the rescan of the individual item would indeed run a full scan.

I wanted to make sure that I had worked through the FAQ steps fully, so I ran Windows Update. Only optional updates were available. I then ran a full scan. To my surprise, running a full scan cleared up the problem for both items.

Now my question becomes this: What's the difference between rescanning the individual item and performing the full scan? I would have thought the rescan of the individual item would have detected the update properly.

Thanks for pointing me to the FAQs. You've been most helpful!

Clint
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Handling Contributor 21st Apr, 2011 00:00
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Clint,
The programme rescan feature that you tried does work but there can be a significant delay in "registering the update" which clearly you have experienced. This has been commented on before.

Most of the regular members of the Forum find it quicker & better to run a full rescan every time rather than use that feature.

Hope this helps.



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
This user no longer exists RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 22nd Apr, 2011 08:40
Hi,

There are some minor differences between full and program-only rescans.
In this case, the most important one is that occasionally Microsoft Update is not asked when only the "minor" scan is run, thus the need for the full rescan (Since when scanning Microsoft Products we do not scan the actual product but check KB numbers).

Hope this helps.
Was this reply relevant?
+0
-0
mduncan177 RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 26th Apr, 2011 18:08
Score: 1
Posts: 1
User Since: 28th Feb 2008
System Score: N/A
Location: US
I have been seeing the same problem as others. But I found a simple fix. PSI was reporting an unpatched version of the program msdia90.dll in 2 folders:

c:\Program Files\Common Files\Microsoft Shared\VC and
c:\Program Files (x86)\Common Files\Microsoft Shared\VC

By deleting the msdia90.dll file from both of these folders, I was able to get a clean result after doing a full scan.

It remains to be seen if applications using Visual C++ still work.

Regards, Mike Duncan

--
Regards, Mike
Was this reply relevant?
+1
-0
grumblingtummy RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 27th Apr, 2011 12:28
Score: 2
Posts: 10
User Since: 16th Nov 2010
System Score: N/A
Location: UK
on 26th Apr, 2011 18:08, mduncan177 wrote:
I have been seeing the same problem as others. But I found a simple fix. PSI was reporting an unpatched version of the program msdia90.dll in 2 folders:

c:\Program Files\Common Files\Microsoft Shared\VC and
c:\Program Files (x86)\Common Files\Microsoft Shared\VC

By deleting the msdia90.dll file from both of these folders, I was able to get a clean result after doing a full scan.

It remains to be seen if applications using Visual C++ still work.

Regards, Mike Duncan


Seeing the same issue with PSI detecting an up to date version of msdia90.dll in the c:\Program Files\Common Files\Microsoft Shared\VC folder. Looks like there is something more to this than a simple scanning issue.

Is it safe to delete the file from the c:\Program Files\Common Files\Microsoft Shared\VC folder or is this going to cause other problems?

Computer is running Win XP Pro x32.

Thanks.

--
Regards

John
Was this reply relevant?
+0
-0
Canon09 RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 3rd May, 2011 08:14
Score: 3
Posts: 7
User Since: 25th Aug 2010
System Score: N/A
Location: N/A
Last edited on 3rd May, 2011 08:18
I have the same problem. Running the full scan again does not clear Secunia's message.

At this path:
C:\Program Files\Common Files\microsoft shared\VC

I have these 2 files:

msdia80.dll (file date Jan. 10, 2011)
msdia90.dll (file date Jan. 11, 2011)

Secunia is saying the last file (msdia90.dll) in insecure.

Secunia is also missing something in it's warning, before the period, as stated by the original poster. The message I'm seeing says:

The version detected of Microsoft Visual C++ 2008 Redistributable Package was 9.0.30729.4148 while the latest version including one or more security fixes is .

NOTICE THERE IS A WORD MISSING BEFORE THE PERIOD.

Is it safe to delete the file "msdia90.dll"?

I'm also wondering why the last file is insecure, rather than the "msdia80.dll" file.

Edited: I cannot rescan individually for this item. The only option is a full rescan. I have restarted my computer several times before running Secunia. And I have checked again and again for Windows Updates. It says I'm current.
Was this reply relevant?
+0
-0
Canon09 RE: Microsoft Visual C++ 2008 Redistributable Package 9.0.30729.5570
Member 3rd May, 2011 08:23
Score: 3
Posts: 7
User Since: 25th Aug 2010
System Score: N/A
Location: N/A
Last edited on 3rd May, 2011 08:23
I just ran yet another Secunia full scan. Now it says Microsoft Visual C++ 2008 is OK. Problem solved here. Yippee.
Was this reply relevant?
+0
-0

This thread has been marked as locked.