Is Microsoft Visual C++ required for BigFix version 9.5.5?

iamshelly 2023-05-15 03:05:41 UTC #1

On our BigFix Root server, Visual C++ is installed and has a critical vulnerability, but the patch is currently unavailable in the console.

Can you help me on the following:

a. Where can we find this patch in BigFix console?

b. Is it possible to uninstall the Visual C++ 2010 component from the BigFix Root Server+MS SQL Database Server and the BigFix Web Report Server+BigFix Compliance Server without impacting the functioning of the BigFix services?

c. Is it possible to manually install the VC_redist.x64.exe, downloaded from https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170, on the BigFix Root Server+MS SQL Database Server and the BigFix Web Report Server+BigFix Compliance Server?

Thank you in advance!

JasonWalker 2023-05-15 03:18:56 UTC #2

I wanted to verify that version - BigFix 9.5.5 ? That’s quite an old version.

You’d also need to consider SQL Server’s dependencies, and I don’t see which version of SQL you’re running.

You likely cannot uninstall VC++ 2010 without breaking functionality.

You can likely download and install the latest patch of Visual C++ 2010 runtime, but you’ll need to stick to 2010 for either the SQL Server or BigFix itself.

I’d also strongly suggest planning to upgrade your BigFix installation to a current supported version as well. There are many more vulnerabilities besides the VC++ runtime to worry about.

I’ll check at the office tomorrow, I expect we had Fixlets for Visual C++ 2010 but they might have been removed - the runtime has been unsupported by Microsoft for almost three years now.