Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe)

["Axel.Pettinger" <Axel.Pettinger () t-online de>]

Hi,

After installing Nmap's vcredist_x86.exe (v9.0.30729.17) on Windows 7 
I noticed that Windows Update wanted to install a security update:

Microsoft Visual C++ 2008 Redistributable Package (KB973924)
http://go.microsoft.com/fwlink/?LinkID=158264 redirects to

MS09-035: Description of the ATL for Smart Devices security update for 
Visual Studio 2008: August 11, 2009
http://support.microsoft.com/kb/973674

The KB article points to:
Microsoft Security Bulletin MS09-035 - Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow 
Remote Code Execution (969706)
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

According to the security bulletin KB973924 belongs to:
Visual Studio 2008 ATL for Smart Devices Security Update
http://www.microsoft.com/downloads/details.aspx?familyid=e3bb6602-b7f4-4614-9999-77f5c6f66ccd&displaylang=en

That update is a big one, my computer only downloaded a small file:
http://download.windowsupdate.com/msdownload/update/software/secu/2009/07/atl90sp1-kb973924-x86_80b879911be205de69d7c59ea97f8169ff7b882e.exe

Maybe the vcredist_x86.exe in the Nmap 5.21 archive should be replaced 
with the latest version (v9.0.30729.4148) to avoid the notification 
about the missing security update:

Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL 
Security Update
http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c&displaylang=en
->
http://download.microsoft.com/download/9/7/7/977B481A-7BA6-4E30-AC40-ED51EB2028F2/vcredist_x86.exe

Regards
Axel Pettinger
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/