Was Microsoft Visual C++ 2010 SP1 Update KB2565063 forgotten in WSUS?

Windows Update[German]A brief question for the administrators among the blog readers who manage updates with WSUS. Has the current version of the update KB2565063 (Microsoft Visual C++ 2010 SP1 Redistributable Package) been deployed on WSUS? Or did Microsoft simply forget about it or does not roll out security updates anymore?

Visual C++ 2010 SP1 Update KB2565063

Update KB2565063 is the updated version of the Microsoft Visual C++ 2010 SP1 Redistributable Package. It is needed to run applications created with Visual Studio 2010 in Visual C++ on Windows. A security issue has recently been identified. This leads to a security vulnerability in MFC applications that were created with Visual Studio 2010 and contain the Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package.

Microsoft has therefore released the Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update (Update KB2565063) on May 12, 2021. The package can be downloaded here

Visual C++ 2010 SP1 Update KB2565063

And this makes things a bit opaque, because in the Microsoft Update Catalog there is only the April 4, 2012 version, which causes problems.   

Feedback from a WSUS administrator

Blog reader Markus K. emailed me with the following note about the problem (thanks for that).

I forward the following mail, because we noticed the thing because of software we have to use, but also only when the software could not be installed anymore, because a corresponding vclib was not available.

Markus refers to a discussion in the patchmanagement.org mailing list where an administrator raises the whole thing in the following comment.

Hi all,
maybe someone can enlighten me:

  • WSUS Server 2019 has KB2565063 which was released March 2012 which seems a bit old.
  • My search finds the MS-page with a pretty new publishing date (5/12/2021).

Looks to me like the package gets updated on the Website but not on WSUS which leaves me with a big question-mark over my head how to get this mess sorted out. How do I stay patched?

Markus K. wrote:

The corresponding C++ KB2565063 is of course released on WSUS, which is why I didn't think anything bad about it.

Can it really be that Microsoft forgot the stuff at WSUS (I honestly didn't check against WindowsUpdate (MS-Update)), or have I successfully overlooked so far that the deployment of the patches at WSUS have been stopped?

I'm just putting this out there now since I don't know the answer. Since the update in the Microsoft Update Catalog is also an ancient version, I assume that Microsoft simply stopped distributing the update via Windows Update and WSUS. Some discussion may be found within my German blog. Does anyone know more about this?

Similar articles:
Vulnerabilities in Microsoft Visual C++ Runtime

This entry was posted in Security, Software, Update and tagged , , , , , . Bookmark the permalink.

3 Responses to Was Microsoft Visual C++ 2010 SP1 Update KB2565063 forgotten in WSUS?

  1. Yanta says:

    I am not seeing it in WSUS, but then I haven't seen 1809 ( for LTSC) patches in WSUS since April either -Server 2012 R2

  2. yoo says:

    KB2565063 is indeed dates 2011.
    MS re-signed the same package with SHA-256 instead of SHA-1 in May 2021.

    • guenni says:

      Within the German blog there are some comments, that the SHA-2 signing has been already made a few years before. The size of the packages are also different – and Microsoft wrote about a security issue within it's KB article. Confusion at all …

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).