DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 939043 - Last Review: September 30, 2011 - Revision: 2.0

SYMPTOMS

Consider the following scenario:
  • You install an update on a computer that has more than one edition or SKU of any version of Microsoft Visual Studio installed.
  • The update updates shared files, and it is applied to all SKUs.
  • Later, you uninstall the update for one of the editions or SKUs by using the Add or Remove Programs item in Control Panel.
In this scenario, the update is uninstalled only for the single edition or SKU. However, the shared files are rolled back. This process leaves the computer in a potentially vulnerable state.

CAUSE

This issue occurs because of a problem with the update uninstall wrapper.

Updates for all versions of Visual Studio have an intelligent update install wrapper. When you install an update that is potentially applicable to more than one edition or SKU of any version of Visual Studio, the update wrapper checks whether you have multiple SKUs installed on the computer at the same time. (For example, the update wrapper checks whether you have the SKUs for Visual Studio 2005 Professional Edition and Visual Studio 2005 Team Edition installed on the computer.) In this case, the update wrapper installs the update only one time. However, the update wrapper adds metadata in the Currently installed programs list in the Add or Remove Programs item in Control Panel to indicate that the update is separately installed for each applicable SKU. You can verify that this is the case by using the Add or Remove Programs item in Control Panel. There, you see that the update was installed separately under each SKU for which the update is applicable.

When you later try to uninstall the update for only one SKU, the update metadata is removed for that particular SKU, and the files are rolled back to the earlier version. The files are rolled back even though they are shared across multiple SKUs. This behavior occurs because of a bug in Windows Installer. Because of this bug, Windows Installer does not keep a reference count for the number of updates that reference a single shared file. If the update in question is a security update, this behavior may leave the computer in a vulnerable state.

All updates for all versions of Visual Studio that target more than one SKU will experience this issue.

WORKAROUND

So that you do not leave the computer in a vulnerable state, make sure that all applicable SKUs of Visual Studio have the update installed. Also, do not uninstall the update from only one SKU. You can verify that this is the case by using the Add or Remove Programs item in Control Panel.

Additionally, customers can use Microsoft Update to obtain updates for Microsoft Visual Studio 2005. We recommend that you select to receive updates for Visual Studio by using Microsoft Update. When you have selected to do this, you always are offered updates for Visual Studio 2005. You are offered these updates even if you have installed an update for multiple editions or SKUs of Visual Studio 2005 and then have uninstalled the update for only one SKU. Therefore, this is the best way to reduce the possibility that the computer will be left in a vulnerable state after you uninstall a security update for Visual Studio 2005.

Note Updates for Visual Studio 2005 are available on Microsoft Update. However, updates for Microsoft Visual Studio .NET 2003 and for Microsoft Visual Studio .NET 2002 are not available on Microsoft Update. For those versions of Visual Studio, you must download the update in question from the Microsoft Download Center and then manually install the update.

MORE INFORMATION

To visit the Microsoft Update Web site, click the following link:
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us)

APPLIES TO
  • Microsoft Visual Studio 2005 Team Suite
  • Microsoft Visual Studio 2005 Team Edition for Software Architects
  • Microsoft Visual Studio 2005 Team Edition for Software Developers
  • Microsoft Visual Studio 2005 Team Edition for Software Testers
  • Microsoft Visual Studio 2005 Professional Edition
  • Microsoft Visual Studio .NET 2003 Professional Edition
  • Microsoft Visual Studio .NET 2003 Enterprise Architect
  • Microsoft Visual Studio .NET 2003 Enterprise Developer
  • Microsoft Visual Studio .NET 2002 Professional Edition
  • Microsoft Visual Studio .NET 2002 Enterprise Architect
  • Microsoft Visual Studio .NET 2002 Enterprise Developer
Keywords: 
kbtshoot kbexpertiseinter kbsecurity kbbug KB939043
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support