Greetings, I’m Raman Sharma, Program Manager with the Visual C++ team.

 

As part of the April Security Bulletin Release, Microsoft released security bulletin MS11-025. Since then, we became aware of some issues with this bulletin that impact some users on Windows 2000 and a subset of developers using Visual C++. Our team has identified the cause of these issues and is currently testing the fix. The update will be publicly available once testing is complete, and we will update this blog. As customer protection is a top priority for Microsoft, we are providing some workarounds for the impacted customers.


 

MFC applications running on Windows 2000

Issue

We discovered that the redistributable packages for Visual Studio 2005 and Visual Studio 2008 were propagated through Microsoft Update to Windows 2000, which is no longer a supported platform.

Developers who use Visual Studio 2005 and Visual Studio 2008 to produce applications for use on Windows 2000 machines are expected to distribute the appropriate redistributable package themselves. As a result of this automatic update, some applications dynamically linking to the MFC libraries on Windows 2000 were broken, as the updated MFC binaries happened to use an API unsupported on Windows 2000.

As soon as we became aware of this issue, we stopped automatically offering these updates on Windows 2000. We believe the exposure is fairly limited as this impacts only those applications that are dynamically linked to MFC.

 

Workaround

  • For those Windows 2000 users who were impacted, the process to remove the updates is as follows:

Windows 2000 users with “Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package”

To recover a machine:

  1. Uninstall the “Microsoft Visual C++ 2005 Service Pack 1 Redistributable” from Add/Remove Programs.

  2. Install the “Microsoft Visual C++ 2005 Service Pack 1 Redistributable” from:
    http://www.microsoft.com/downloads/en/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2&displaylang=en

 

Windows 2000 users with “Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package”

To recover a machine:

  1. Uninstall the “Microsoft Visual C++ 2008 Service Pack 1 Redistributable” from Add/Remove Programs.
  2. If you are on Windows 2000:
    1. Install the “Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package” from:
      http://www.microsoft.com/downloads/en/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c&displaylang=en
    2. If you rely on any of the following KBs, re-install the “Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package” that came with these KBs:
      KB974479, KB979335, KB980848, KB982062, KB982107, KB982637, KB2435853, KB2465361, KB2495003

 

  • For developers the problem is slightly more complex. Visual Studio had specific updates that make the above changes to the files used to create applications so any application built on a machine, whether statically or dynamically linked will exhibit the problem. If you are currently building applications that you expect to deploy to Windows 2000 machines then you will need to do the following:

 

Developers with Visual Studio 2005

To recover a developer machine that has KB2465367 (Visual Studio 2005):

  1. Go to the Add/Remove Programs
  2. Make sure ‘Show Updates’ is checked.

  3. Under the “Visual Studio 2005” product node, there should be a KB2465367 entry. Select and uninstall.

 

Developers with Visual Studio 2008

To recover a developer machine that has KB2465361 (Visual Studio 2008):

  1. Go to the Add/Remove Programs
  2. Make sure ‘Show Updates’ is checked.
  3. Under the “Visual Studio 2008” product node, there should be a KB2465361 entry. Select and uninstall.
  4. Uninstall “Microsoft Visual C++ Runtimes for x86
  5. Uninstall “Microsoft Visual C++ Runtimes for x64


 

Visual Studio 2010 RTM with Windows SDK

Issue

If you have Visual Studio 2010 RTM and Windows SDK 7.1 installed on an x64 machine, then the Visual Studio 2010 update (KB2455033) fails to install on your machine.

 

Workaround

The workaround for this issue:

  1. Go to Add/Remove Programs and uninstall the package “Microsoft Visual C++ compilers 2010 Standard – enu – x64
  2. Try installing KB2455033 again.


 

Please note that the above workaround will not actually remove the compiler bits from your machine and you should still be able to use the x64 compilers. The workaround just addresses some incorrect definitions in the patch.

We hope to release the permanent fix for these issues soon. In the meantime, customers who follow the guidance above should not be affected.

If you have any questions please let us know.

 

 

Thank you,

Raman Sharma
Microsoft Visual C++ Team