C++ Security Update general question

[desertdad]

I currently have a C++ Security Update for 2008 hidden. The question I have is do I treat C++ Security updates sort of like the .NET updates [hidden and let the app that needs them ask for the install]? Do I just go ahead and install c++ security updates as they show up? Sorry if this isn’t the right Forum. Trying to do some cleanup.

 

Win10 Pro, Dell laptop, currently on 1909 build 18363.476

[Paul T]

Can you tell us exactly what the update is – KB?

cheers, Paul

[PKCano]

The apps will let you know which version of .NET is needed if it is not installed, but the apps do not tell you if you need to update .NET.
If you have the version of .NET installed, you should install the update Rollup if it is offered by Windows Update.

The same applies to C++. If you are being offered an update (not the installer) for a version you have installed, you should install the update or uninstall that version of C++,

[mn–]

Well it’s not impossible for application installers to check for specific patches, for .NET or C++ runtime… it’s just that usually they don’t.

[PKCano]

Third party app ask you to install a update Rollup for .NET of an update (not upgrade) for C++??

C’mon! 🙂

[mn–]

Yes, seen that happen every now and then. Was a bit of a bother when one of those didn’t recognize a superseding update, too.

Some of the financial software folks are a bit … exact… in their requirements. Oh and then there was that one timezone hassle where the timezone correction was included in a patch that wasn’t approved by the application vendor…

[PKCano]

Sorry to be the skeptic, but I’d have to see something like that for myself. 🙂

[mn–]

Oh well, can’t be helped, I’m under a NDA about the last such case and the previous one was several years earlier…

[desertdad]

Here are the details about the C++ update that drove my question. The update is KB2538243.

WU offered the update to my Win10 Pro system as part of the pending list.

Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update.

For all supported x64-based versions of Microsoft Visual C++ 2008 SP1 Redistributable Package [says it applies to 9.0.30729.6161, which I have installed], MS support article says last updated April 2017, Windows 10 is not listed as a supported system.

I noticed this is a ‘Package’. Does this mean it will completely replace the Redistributable -x64 package I already have installed? If I get things like this in the future, should I assume a Redistributable Package is a replacement rather than an update to something in the Package and should I just go ahead and install it? The description says Security update, but it sure seems like a ‘Replace’ to me [a rookie].

There have been numerous posts about problems with either the install failing or never finishing. I chose to hide it and see if it was included in a future Feature update or Cumulative update. No joy so far.

PKCano, thanks for the perspective on Update versus Install.

Thanks for any observations/advice. I’ll put it in my personal KB.

Win10 Pro, Dell laptop, currently on 1909 build 18363.476

[DrBonzo]

I was offered the same update on 11/28. On 11/27 I installed some Epson printer software. I noticed that Microsoft Visual 2008 C++ Redistributable – x86 9.0 30729.17 had also been installed on 11/27, although I did not install it. Is that a coincidence? I’m wondering if you (desertdad) installed some software recently that caused C++ to also be installed?

I’m not running Win 10, but rather Win 7 Pro SP1, x 64.

[Paul T]

That’s a 2012 update so DrBonzo’s suggestion about a recent install seems appropriate.

cheers, Paul

[desertdad]

Forensics, confusion and conclusion: I ended up doing the install of the update I got from the MUC. The date of the library already on my machine was 11/18/19 because that was the date of the in-place repair I did on Nov 18. The C++ update [repair] finished ok and ended with a recommendation to install the latest update for the 2008 library. The popup gave me a link to a MS Support site for the Visual C++ libraries including 2008 library in question. That site had a download for the latest [and ‘last’ since the 2008 version lost support in 2008] security update to the last pkg. Well, that download and install was the same one from KB2538243. I did what they recommended and installed what purports to be the ‘last’ update to the ‘last’ 2008 library.

Result: The C++ library shows up with a Dec 1 2019 install date on my laptop. I’m still at 9.0.30729.6161 which is where I as on Nov 18. I’m assuming that is as good as it is going to get. I’m going to stop futzing with this one. I’m easily confused.

Quirk: KB2538243 does not show up as ever being installed, is not listed as installed in the Settings list of installed updates, is not listed as a candidate for uninstall in the Uninstall Updates list. It does still show up as a hidden update [say what?] in WUSHOWHIDE.

I give up. I assume that 2008 C++ library is good and has the update applied, since I installed it using a MS download. I’m just going to ignore the ‘hidden’ update.

Thanks for your time and advice,

Dick

 

Win10 Pro, Dell laptop, currently on 1909 build 18363.476

[Author]

Posts