• Security issue: vulnerable shared Visual C++ code is not automatically removed

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Security issue: vulnerable shared Visual C++ code is not automatically removed

    Author
    Topic
    #154002

    This is a security problem that could affect the many programs that are built with Microsoft’s Visual C++: The problem with C++ Redists & 3rd Party security patches (part 1 of 3).

    Background info: From Microsoft Visual C++ Redistributable information:

    “TL;DR

    1. Visual C++ Redistributable files get installed when you install a program that requires them, when you install or update Windows, or when you install them directly.
    2. They are used by programmers who use standard libraries in Visual Studio.
    3. Programs require specific versions, and may not run when these versions are removed (if older or newer versions of the same year are still available).”

    Viewing 4 reply threads
    Author
    Replies
    • #154006

      I haven’t yet tried the program recommended in part 3.

    • #154014
      3 users thanked author for this post.
    • #172440

      Does anyone have personal experience with this issue?

    • #212405

      Unfortunately the initial post isn’t the end – see:

      Vulnerabilities in Microsoft Visual C++ Runtime

      I don’t know, what’s going on at Microsoft.

       

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      1 user thanked author for this post.
    • #212421

      Any version of Windows, all versions, none of the above?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #212574

        At least most versions of VC redistributable (all versions) für all Windows versions

        Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        1 user thanked author for this post.
        • #212576

          gborn: Well, thanks. This cannot be good…

          The excerpt above also shows that the installer depends on a bunch of DLLs. These DLLs are not considered as ‘known DLLs’ by Windows. This means: During installation, malware could replace these files in the directory with the installation files and latch into the installation.

          MrBrian #154002 has commented on this. Still, I wonder if this particular Visual C++ compiler/environment is used for more than what he has already listed. Things like being used in often run existing applications, or if it is even part and parcel of the OS software that runs the computers. Because it is my understanding that C++ (with no “V” attached?) is definitely all of that.

           

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    Viewing 4 reply threads
    Reply To: Security issue: vulnerable shared Visual C++ code is not automatically removed

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: