Redistributable Visual Studio 2019 X64

[Henrietta Naughton]

TheVisual C++ Redistributable installs Microsoft C and C++ (MSVC) runtime libraries. Many applications built using Microsoft C and C++ tools require these libraries. If your app uses those libraries, a Microsoft Visual C++ Redistributable package must be installed on the target system before you install your app. The Redistributable package architecture must match your app's target architecture. The Redistributable version must be at least as recent as the MSVC build toolset used to build your app. We recommend you use the latest Redistributable available for your version of Visual Studio, with some exceptions noted later in this article.

Unlike older versions of Visual Studio, which have infrequent redist updates, the version number isn't listed in the following table for Visual Studio 2015-2022 because the redist is updated frequently. To find the version number of the latest redist, download the redist you're interested in using one of the following links. Then, look at its properties using Windows File Explorer. In the Details pane, the File version contains the version of the redist.

Some of the downloads that are mentioned in this article are currently available on my.visualstudio.com. Log in using a Visual Studio Subscription account so that you can access the download links. If you're asked for credentials, use your existing Visual Studio subscription account. Or, create a free account by choosing the No account? Create one! link.

Visual Studio versions since Visual Studio 2015 share the same Redistributable files. For example, any apps built by the Visual Studio 2015, 2017, 2019, or 2022 toolsets can use the latest Microsoft Visual C++ Redistributable. However, the version of the Microsoft Visual C++ Redistributable installed on the machine must be the same or higher than the version of the Visual C++ toolset used to create your application. For more information about which version of the Redistributable to install, see Determining which DLLs to redistribute. For more information about binary compatibility, see C++ binary compatibility between Visual Studio versions.

These links download the latest available en-US Microsoft Visual C++ Redistributable packages for Visual Studio 2013.You can download other versions and languages from Update for Visual C++ 2013 Redistributable Package or from my.visualstudio.com.

These links download the latest available en-US Microsoft Visual C++ Redistributable packages for Visual Studio 2012 Update 4. You can download other versions and languages from Microsoft Visual C++ Redistributable Packages for Visual Studio 2012 Update 4 or from my.visualstudio.com.

I have read the documents and have never found anything other than the visual studio must be the community version which I installed. Can you pleas tell me where I need to go to get the correct version and which version that is?

I am trying to install CUDA 10.0 for windows 10 (64-bit). Cuda installer says no supported version of Visual Studio was found.

However, I have already installed Visual Studio 2017 Community (v15.9.17). In addition, I have Windows 10 SDK (Version 10.0.15063.0) also installed. Can somebody help me how to get going with Cuda installation?

I am trying to use Visual Studio 2022 to successfully load and build an SSIS package that targets SQL Server 2016. Documentation suggests that this is indeed supported. Per the online docs ( -us/sql/ssdt/download-sql-server-data-tools-ssdt?view=sql-server-ver16), I have used the visual studio installer to add in the SQL Server Data Tools. Then I have installed the SSIS extension. I am getting an error about OLEDB.

More research suggests that I need the msoledbsql driver installed. However, the installer for that complains that I need a visual c++ redistributable. I downloaded that from here and installed it without issue: -us/cpp/windows/latest-supported-vc-redist?view=msvc-170

I have in fact installed that as shown in my add/remove programs list. However, the msoledbsql installer refuses to install. It still insists that I need to install the visual c++. Can anyone advise a way forward?

Q: After applying MS09-035 will end users see any changes to their user interface that would be unusual or different to normal when working with ActiveX controls in Internet Explorer? For example, unusual dialog boxes?

A: We are aware of active attacks on the msvidctl ActiveX component (see MS09-032). We are aware of a demonstration video available. However, we have seen no full PoC regarding the issues we released today.

A: Disabling ActiveX controls will mitigate the issues discussed in MS09-035. See Security Advisory 973882 for a full list of mitigations and workarounds. If ActiveX controls are disabled, then there is no risk to our customers.

A: No, installing the redistributable updates will only make the update available to runtime use and not design time. This means that the developer will still be using an unpatched version of ATL even though the runtime experience is patched

A: MS09-032 is specific to msvidctl, the OOB update takes care of the other issues in ATL vulnerabilities. Furthermore, the msvidctl was using a private version of the ATL which was not publicly available.

Q: This is specific to the Visual Studio patch. After the patch is installed (IDE update or C++ runtime updates), is the old version, which still has the vulnerability, be installed on the workstation? Or will it be replaced?

A: We recommend that you apply both the runtime and design-time patches for a developer machine running Visual studio. If you install both then the old bits will be replaced, if you install one or the other of the run/design-time updates then the other patch will not be applied and affected components will still be the old versions

Q: If a developer has a control that is vulnerable and does not recompile the control and someone who is using Internet Explorer has MS09-034 installed, will they be blocked from using the control in general or only from malicious code injection etc?

A: While the MS09-032 addresses known exploits, other components and controls are still vulnerable. MS09-034 provides mitigation in Internet Explorer to protect from potential attacks, and MS09-035 allows developers to correct their components and controls

A: MS09-034 is a Cumulative update and contains the fixes contained in MS09-019. Microsoft encourages customers to apply the latest cumulative critical update as soon as possible to protect customers.

A: As long as the MS09-034 update is installed then there are not specific problems in updating to Internet Explorer 8. That said, it is worth highlighting the fact that Internet Explorer 8 provides further security improvements (as it is the latest version)

Q: Can Microsoft provide info about current and future ActiveX controls that are being killbitted so Webmasters can scan their sites to see if they are in use? This will be a critical issue if Microsoft issues a killbit for an orphaned control without an owner.

Q: If a machine does not have the affected (or any) version of Visual Studio, does the MS09-034 patch still apply? If I understood correctly, they both address two different attack vectors for the same underlying issue within the ATL library.

A: The catalogs for WSUS have already been published (they are always released at the same time as the bulletins). If you are experiencing any delays you may wish to investigate possible proxy caching latency between you and microsoft.com.

A: The scenario you describe should not happen because the updated version of the Microsoft Visual C++ 2008 Redistributable (KB973551) contains the fixed version of the binaries so a scan should not flag the security update as required. Please call Customer Support Services at 1-800-MICROSOFT from free support for security updates.

A: MS09-034 includes other security fixes (unrelated to ATL), so we encourage everyone to apply the update. If Internet Explorer is not used on your environment you should assess the risk based on the binaries being updated.

Q: Since very little web browsing is performed on data center servers, is it critical to get these patches applied to our servers, or can this wait a few weeks until our standard maintenance window?

A: MS09-034 includes other security fixes not related to the Internet Explorer mitigations that will block ATL. Based on this you should evaluate how the impacted binaries are used in your specific scenario to assess the risk. That said, we highly encourage all our customers to apply the update to avoid being vulnerable.

Q: Killbits are trustworthy again after the MS09-034 update, right? So, MS09-034 also includes killbits for all vulnerable ActiveX controls whitelisted by default in Internet Explorer 7 and 8?

A: ActiveX security policy, such as killbits, work as expected after the Internet Explorer mitigation release with MS09-034 is applied on the system. Also, MS09-034 does not include killbits, but instead defense-in-depth fixes were introduced to block all known ATL vulnerabilities. As our investigation continues, further killbits might be released.

Q: So, assuming that I have probably currently installed several vulnerable ActiveX controls, how can an attacker exploit this? Does he just have to call them? And if so, is the user prompted about this again?

A: At this time we are not aware of an exploit that can take advantage of arbitrary controls. For example, regarding msvidctl which was fixed as part of MS09-032 update two weeks ago (in the July release) further code was needed to trigger the vulnerability. At this time we are not aware of any generic way of exploiting ActiveX controls. In order to understand whether your controls are vulnerable please submit them to

3a8082e126