MS11-025 Visual C++ Update Issue
Greetings, I’m Raman Sharma, Program Manager with the Visual C++ team.
As part of the April Security Bulletin Release, Microsoft released security bulletin MS11-025. Since then, we became aware of some issues with this bulletin that impact some users on Windows 2000 and a subset of developers using Visual C++. Our team has identified the cause of these issues and is currently testing the fix. The update will be publicly available once testing is complete, and we will update this blog. As customer protection is a top priority for Microsoft, we are providing some workarounds for the impacted customers.
MFC applications running on Windows 2000
We discovered that the redistributable packages for Visual Studio 2005 and Visual Studio 2008 were propagated through Microsoft Update to Windows 2000, which is no longer a supported platform.
Developers who use Visual Studio 2005 and Visual Studio 2008 to produce applications for use on Windows 2000 machines are expected to distribute the appropriate redistributable package themselves. As a result of this automatic update, some applications dynamically linking to the MFC libraries on Windows 2000 were broken, as the updated MFC binaries happened to use an API unsupported on Windows 2000.
As soon as we became aware of this issue, we stopped automatically offering these updates on Windows 2000. We believe the exposure is fairly limited as this impacts only those applications that are dynamically linked to MFC.
Windows 2000 users with “Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package”
Windows 2000 users with “Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package”
Developers with Visual Studio 2005
Developers with Visual Studio 2008
Visual Studio 2010 RTM with Windows SDK
If you have Visual Studio 2010 RTM and Windows SDK 7.1 installed on an x64 machine, then the Visual Studio 2010 update (KB2455033) fails to install on your machine.
Please note that the above workaround will not actually remove the compiler bits from your machine and you should still be able to use the x64 compilers. The workaround just addresses some incorrect definitions in the patch.
We hope to release the permanent fix for these issues soon. In the meantime, customers who follow the guidance above should not be affected.
If you have any questions please let us know.
Microsoft Visual C++ Team