We just realized we are not able to push this out using BigFix. The fixlet states: “Note: Due to the complexity of this patch, it must be completed manually”.
I dunno, seems kinda funny. I just applied the patch manually to a test system and all it took was this:
"ReportViewer.exe" /q
"VS90-KB952241-x86.exe" /q /norestart
Looks like the only prereq is .NET 3.5 and installer 3.
Now upper management is asking why our patch management solution can’t patch our environment. We are creating a custom fixlet, but this seems like a big omission by BigFix. If MS can patch it via Windows Update, BigFix should be able to do it as well.
There are 54 Fixlets for all different applications associated with this bulletin. It looks like only the Visual Studio Fixlets can’t be installed. I will check with the Fixlet team, but usually this means that there is a significant problem with patch deployment that can cause problems.
I am also intrigued that the Visual Studio Patches are rated as a “Security Rating” of “None”…
From what I understand, the vulnerability does not lie in Visual Studio itself, but the applications that it creates. From the Security Bulletin FAQ:
Customers are potentially at risk if third party applications do not follow the recommended best practices and instead redistribute an old version of gdiplus.dll with their application.
BigFix tested this Fixlet several times and found that in almost all cases it failed with a “Hotfix Installer Error,” indicating to us that the patch was not reliable and should not be able to be deployed through our published content. However, you are welcome to attempt to deploy the patch through a Fixlet, just please be aware that you do so at your own risk. I’ve uploaded a Fixlet with action included here. Please let us know if you have any other questions.