[German]A brief question for the administrators among the blog readers who manage updates with WSUS. Has the current version of the update KB2565063 (Microsoft Visual C++ 2010 SP1 Redistributable Package) been deployed on WSUS? Or did Microsoft simply forget about it or does not roll out security updates anymore?
Visual C++ 2010 SP1 Update KB2565063
Update KB2565063 is the updated version of the Microsoft Visual C++ 2010 SP1 Redistributable Package. It is needed to run applications created with Visual Studio 2010 in Visual C++ on Windows. A security issue has recently been identified. This leads to a security vulnerability in MFC applications that were created with Visual Studio 2010 and contain the Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package.
Microsoft has therefore released the Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update (Update KB2565063) on May 12, 2021. The package can be downloaded here.
And this makes things a bit opaque, because in the Microsoft Update Catalog there is only the April 4, 2012 version, which causes problems.
Feedback from a WSUS administrator
Blog reader Markus K. emailed me with the following note about the problem (thanks for that).
I forward the following mail, because we noticed the thing because of software we have to use, but also only when the software could not be installed anymore, because a corresponding vclib was not available.
Markus refers to a discussion in the patchmanagement.org mailing list where an administrator raises the whole thing in the following comment.
maybe someone can enlighten me:
- WSUS Server 2019 has KB2565063 which was released March 2012 which seems a bit old.
- My search finds the MS-page with a pretty new publishing date (5/12/2021).
Looks to me like the package gets updated on the Website but not on WSUS which leaves me with a big question-mark over my head how to get this mess sorted out. How do I stay patched?
Markus K. wrote:
The corresponding C++ KB2565063 is of course released on WSUS, which is why I didn’t think anything bad about it.
Can it really be that Microsoft forgot the stuff at WSUS (I honestly didn’t check against WindowsUpdate (MS-Update)), or have I successfully overlooked so far that the deployment of the patches at WSUS have been stopped?
I’m just putting this out there now since I don’t know the answer. Since the update in the Microsoft Update Catalog is also an ancient version, I assume that Microsoft simply stopped distributing the update via Windows Update and WSUS. Some discussion may be found within my German blog. Does anyone know more about this?
Vulnerabilities in Microsoft Visual C++ Runtime
Cookies helps to fund this blog: Cookie settings