Consider the following scenario:
- You install an update on a computer that has more than one edition or SKU of any version of Microsoft Visual Studio installed.
- The update updates shared files, and it is applied to all SKUs.
- Later, you uninstall the update for one of the editions or SKUs by using the Add or Remove Programs item in Control Panel.
In this scenario, the update is uninstalled only for the single edition or SKU. However, the shared files are rolled back. This process leaves the computer in a potentially vulnerable state.
This issue occurs because of a problem with the update uninstall wrapper.
Updates for all versions of Visual Studio have an intelligent update install wrapper. When you install an update that is potentially applicable to more than one edition or SKU of any version of Visual Studio, the update wrapper checks whether you have multiple SKUs installed on the computer at the same time. (For example, the update wrapper checks whether you have the SKUs for Visual Studio 2005 Professional Edition and Visual Studio 2005 Team Edition installed on the computer.) In this case, the update wrapper installs the update only one time. However, the update wrapper adds metadata in the Currently installed programs
list in the Add or Remove Programs
item in Control Panel to indicate that the update is separately installed for each applicable SKU. You can verify that this is the case by using the Add or Remove Programs
item in Control Panel. There, you see that the update was installed separately under each SKU for which the update is applicable.
When you later try to uninstall the update for only one SKU, the update metadata is removed for that particular SKU, and the files are rolled back to the earlier version. The files are rolled back even though they are shared across multiple SKUs. This behavior occurs because of a bug in Windows Installer. Because of this bug, Windows Installer does not keep a reference count for the number of updates that reference a single shared file. If the update in question is a security update, this behavior may leave the computer in a vulnerable state.
All updates for all versions of Visual Studio that target more than one SKU will experience this issue.
So that you do not leave the computer in a vulnerable state, make sure that all applicable SKUs of Visual Studio have the update installed. Also, do not uninstall the update from only one SKU. You can verify that this is the case by using the Add or Remove Programs
item in Control Panel.
Additionally, customers can use Microsoft Update to obtain updates for Microsoft Visual Studio 2005. We recommend that you select to receive updates for Visual Studio by using Microsoft Update. When you have selected to do this, you always are offered updates for Visual Studio 2005. You are offered these updates even if you have installed an update for multiple editions or SKUs of Visual Studio 2005 and then have uninstalled the update for only one SKU. Therefore, this is the best way to reduce the possibility that the computer will be left in a vulnerable state after you uninstall a security update for Visual Studio 2005.Note
Updates for Visual Studio 2005 are available on Microsoft Update. However, updates for Microsoft Visual Studio .NET 2003 and for Microsoft Visual Studio .NET 2002 are not available on Microsoft Update. For those versions of Visual Studio, you must download the update in question from the Microsoft Download Center and then manually install the update.
To visit the Microsoft Update Web site, click the following link: