none
Security Update KB2467174 kills Windows 2000 compatibility of mfc90.dll RRS feed

  • Question

  • Hi,

    after installation of this new security update for Visual C++ 2008 SP1 Redistributable Package:

    http://support.microsoft.com/kb/2467174

    mfc90.dll can no longer be loaded on Windows 2000, because the new version depends on kernel32.dll exporting FindActCtxSectionStringA, which was introduced with Windows XP.

    Will this be fixed?

    Wednesday, April 13, 2011 11:00 AM

Answers

  • MS11-025 has been pulled for Win2000:

    <QP>
    Why was this bulletin rereleased on April 21, 2011?
    Microsoft rereleased this bulletin to reoffer the updates to address a known issue in which the updates were erroneously offered to Microsoft Windows 2000 systems, which are no longer in support. This is a detection change only...
    </QP>
    Source: http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx


    ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
    • Marked as answer by psc161 Tuesday, April 26, 2011 10:01 AM
    Friday, April 22, 2011 2:01 PM
  • <QP>
    V3.0 (June 14, 2011): Reoffered the update for Microsoft Visual Studio 2005 Service Pack 1, Microsoft Visual Studio 2008 Service Pack 1, Microsoft Visual Studio 2010, Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package, and Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package. Customers who have previously installed this update should install the new packages on the affected systems.
    </QP>
    Source: http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx (Revisions section, bottom of page)
    ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
    • Marked as answer by psc161 Wednesday, June 22, 2011 9:20 AM
    Tuesday, June 21, 2011 3:51 PM

All replies

  • Hmmm. As you can read in the new VCREDIST_x86 W2K isn't listed here.
    http://www.microsoft.com/downloads/en/details.aspx?familyid=05ce856d-8128-408b-96fa-5e1f57b097d8&displaylang=en

    Strange!
     From my point of view now, you cannot use this files from this security fix to ship them on a W2K system.

    I just contacted the product group about this...


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Wednesday, April 13, 2011 12:03 PM
    Moderator
  • Well, why is it then automatically installed by Windows Update?
    Wednesday, April 13, 2011 12:19 PM
  • Well, why is it then automatically installed by Windows Update?

    On Windows 2000?
    Uhhh... this is a bug for sure!


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Wednesday, April 13, 2011 12:21 PM
    Moderator
  • This appears to have disabled all of our clients on Windows 2000. Wonderful.
    Adzm
    Wednesday, April 13, 2011 1:14 PM
  • I just contacted MS via the C++ product group and via another channel for us MVPs.

    There is nothing more I can do.
    I am sorry for that, and I can feel with you imaging that my companies support get called with:
    "Your application is not running any longer! I did nothing! It worked yesterday and now it is broken..."

    I am so happy that we stopped support for W2K long time ago. But this didn't help you. Again I am sorry!


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Wednesday, April 13, 2011 1:20 PM
    Moderator
  • As a workaround you can place the old mfc90.dll in the application path so it can load instead.

    This may be a blessing in disguise so we have a reason to start dropping support for Windows 2000 without taking all the blame!


    Adzm
    Wednesday, April 13, 2011 1:37 PM
  • Hi guys, I'm Diego Dagum from the Visual C++. We are looking into options to resolve this now.
    Best Regards, Diegum
    Wednesday, April 13, 2011 4:52 PM
  • I don't have a confirmation now, but it seams that they removed the files from the MS download section.
    http://www.microsoft.com/downloads/en/details.aspx?familyid=4149f21c-37f7-4516-83e1-d70c738d612b&displaylang=en
    It shows again the one from November 2010.

    And I have to ad the information that also VS-2005 is effected!
    Same problem in the runtimes.


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Wednesday, April 13, 2011 7:12 PM
    Moderator
  • I'm encountering this same issue on a mission critical production machine. If anyone resolves it, please post the answer here.
    Thursday, April 14, 2011 3:21 PM
  • You may try to deinstall this update and install an older version, for example:

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c

    • Proposed as answer by a141695 Thursday, April 14, 2011 7:32 PM
    Thursday, April 14, 2011 3:26 PM
  • Visual C++ 2008 wasn't installed on this machine, only 2005. I've tried uninstalling the problem patch, the service pack and the main redistributable and then reinstalled. No success.
    Thursday, April 14, 2011 3:38 PM
  • We've resolved our issue. We retrieved an mfc80.dll from an unpatched Windows 7 23-bit machine and dropped it into %WINDOWS%\system32. (We backed up the one that was in there first for safety's sake.)
    Thursday, April 14, 2011 4:14 PM
  • Thank you for this post everyone! We performed the following and problem was resolved (no reboots required)

    Removed KB2467174

    Installed Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update (vcrdist_x86.exe) downloaded from this post the following link provided in this post:

     

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c

     

     

    • Proposed as answer by deavy Thursday, April 14, 2011 8:49 PM
    Thursday, April 14, 2011 8:48 PM
  • But you will probably have to turn off Automatic Windows Updates or otherwise the KB2467174 update will install itself again?!
    Friday, April 15, 2011 6:43 AM
  • But you will probably have to turn off Automatic Windows Updates or otherwise the KB2467174 update will install itself again?!

    No. You can disable this Update.


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Friday, April 15, 2011 7:53 AM
    Moderator
  • But you will probably have to turn off Automatic Windows Updates or otherwise the KB2467174 update will install itself again?!

    No. You can disable this Update.


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Any updates on this on how to fix this? Where can we download whatever to fix this problem? :(
    Ant @ Ant's Quality Foraged Links (http://aqfl.net) and The Ant Farm (http://antfarm.ma.cx).
    Tuesday, April 19, 2011 6:44 PM
  • I have a German article hot to fix the problem.
    Sorry but I didn't had time to translate it up to now.

    Using google translate should help you.
    It is easy.

    http://blog.m-ri.de/index.php/2011/04/14/workaround-fur-patchday-bug-vom-12-04-2011-wenn-unter-windows-2000-der-einsprungpunkt-findactctxsectionstringa-nicht-gefunden-wird/


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Tuesday, April 19, 2011 7:19 PM
    Moderator
  • The problem comes from the appcore.cpp file line 74 that uses the FindActCtxSectionString function in static mode, for my the the solution is use this function in dynamics because this function is not on all OS.

    If you change this code, how can you make a compilation with the hotfix?
    Wednesday, April 20, 2011 8:06 AM
  • The problem comes from the appcore.cpp file line 74 that uses the FindActCtxSectionString function in static mode, for my the the solution is use this function in dynamics because this function is not on all OS.

    If you change this code, how can you make a compilation with the hotfix?

    If you look into my blog you can see that I know every detail about the problem.

    You cannot fix it by yourself. VS-2008 has no longer makefiles available to create a private build of the MFC.

    Uninstall the VS security fix. Use the last one!
    Wait until MS fixes the problem.


    Martin Richter -- MVP for VC++ [Germany] -- http://blog.m-ri.de
    Wednesday, April 20, 2011 9:07 AM
    Moderator
  • I have tried to uninstall the patch from add / remove programs but I am then getting an "MSIEXEC.EXE" programme error, meaning I can not use add / remove programmes to uninstall the patch!!! I appear to be stuck with it (for the time being)

    I have an NTFS Driver for Dgood old fashioned DOS, so that I can get at the Windows subdirectories from a dos boot disk and if necessary access the CD to copy across any files to manually roll back to a pre-bad-patched state. The thing is: Can anyone tell me what files I need to remove and from which sub directories? And does anyone actually have working files to replace the affected files with? I have tried everything I can think of to resolve this. I have replaced Kernel32.dll with an older version which I have found on the hard disk - but if I do that then the machine won't boot - it just blue screens momentarily on loading then rolls over (even in "safe mode").

    Because the machinewon't let me unistall (due to the error above), I am desperate for a list of what files were replaced and where they were on the hard disk.... And whether someone can give me copies of the pre-affected files and I will do this manually.

    I can not practicably use the machine, my beloved Outlook Express (as supplied with the OS) doesn't work - and I don't just want to do a format & reload because I have loads of accumulated stuff on the machine.

    I just can not believe it when I think that it's actually Micro$oft that have done this.

    Help, please! Anyone !!!

    Friday, April 22, 2011 1:01 AM
  • MS11-025 has been pulled for Win2000:

    <QP>
    Why was this bulletin rereleased on April 21, 2011?
    Microsoft rereleased this bulletin to reoffer the updates to address a known issue in which the updates were erroneously offered to Microsoft Windows 2000 systems, which are no longer in support. This is a detection change only...
    </QP>
    Source: http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx


    ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
    • Marked as answer by psc161 Tuesday, April 26, 2011 10:01 AM
    Friday, April 22, 2011 2:01 PM
  • Microsoft has re-released this security update yesterday: http://support.microsoft.com/kb/2538243 Will this new version again break Windows 2000 compatibility?
    Wednesday, June 15, 2011 7:19 AM
  • <QP>
    V3.0 (June 14, 2011): Reoffered the update for Microsoft Visual Studio 2005 Service Pack 1, Microsoft Visual Studio 2008 Service Pack 1, Microsoft Visual Studio 2010, Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package, and Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package. Customers who have previously installed this update should install the new packages on the affected systems.
    </QP>
    Source: http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx (Revisions section, bottom of page)
    ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
    • Marked as answer by psc161 Wednesday, June 22, 2011 9:20 AM
    Tuesday, June 21, 2011 3:51 PM
  • asp.net msdn help center
    Tuesday, July 12, 2011 8:37 AM
  • I think

    Its Microsoft Functionality………….

    Use Always Original Windows………….. 

    Wednesday, July 13, 2011 12:53 PM