Symantec helps consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Belerc Advisor keeps telling me that Q2538243 update is missing, while the Microsoft update website says I'm up to date. The 'details' link says that code refers to MS11-025: Description of the. Bulletin ID MS11-025 Title Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) Summary This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. Knowledgebase List of Patches S.No Patch Name Severity 1 Important 2 Important 3 Important 4 Important 5 Important 6 Important 7 Important 8 Important 9 Important 10 Important 11 Important 12 Important Disclaimer: This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided 'As Is' without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website. A vulnerability scan revealed that several Windows 7 machines on my network needed security update MS11-025 (Visual C++ Redistributable). In my case we are: 1. WSUS is setup to synchronize Windows updates 2. None of these machines are running Visual Studio (ie only the VC++ redistributable is installed) 3. WSUS does not show any patches for the security update MS11-025 unless the Visual Studio 2008 is synchronized. Unfortunately even if Visual Studio 2008 is selected for synchronization the MS11-025 security update that WSUS imports not the one applicable to a Windows 7 only install of Visual C++. Why is this happening? What is the solution and if an update does not appear in WSUS after synchronization is it possible to manually import it and select applicable machines for install? But the VC++ redistributable can exist without Visual Studio. Yes, it can; which has absolutely nothing to do with how you get the udpate package(s) synchronized into your WSUS Server. Your list of patches specifically states that the redist is found in Visual Studio. What it says is that you must have the appropriate Visual Studio PRODUCT CATEGORY selected for synchronization in order to get those updates. I had a server 2008 R2 OS that needed the update according to Nessus and I manually confirmed that Nessus was correct. This is the patch/update. It is meant for the standalone VC++ redistributable without an installation of Visual Studio. In order to get the Microsoft Visual C++ 2008 Service Pack 1 Security Update, you must be synchronizing the Visual Studio product category that provides that security update. That product category (as noted above, in both your original post, as well as my reply) is Visual Studio 2008. This update does not synchronize in WSUS. I had to apply it manually. In fact I believe this update is not detected by the Windows Update agent because I had to apply it manually to machines that were updating directly from Mircrosoft. The WUAgent can only 'detect' updates that have been synchronized to the WSUS Server. If you have not synchronized the update, the WUAgent can't tell you squat about the need, or lack thereof, for that update (until you go to Microsoft Update) -- at which point the WUAgent now has access to ALL product categories and ALL update classifications and what you've synced (or not) to the WSUS server is totally irrelevant. Without Nessus I would not have known that this component was out of date. This is a great testimony to why an independent security vulnerability scanner should always be used: Because you cannot possibly know about missing updates if the updates aren't on the WSUS server in the first place. Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA SolarWinds Head Geek Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014) My MVP Profile: The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. A vulnerability scan revealed that several Windows 7 machines on my network needed security update MS11-025 (Visual C++ Redistributable). There are actually FOUR packages for MS11-025 that are each applicable to four separate instances of a Visual C++ Redistributable, and any one, some, or all can be installed onto any given operating system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2019
Categories |