For those of you who have not yet moved to Visual Studio 2010 Service Pack 1, be aware that the April 2011 Security Bulletin MS11-025 includes a security fix to Microsoft Foundation Classes (MFC) runtime for Visual Studio 2005 Service Pack 1, Visual Studio 2008 Service Pack 1, and Visual Studio 2010 RTM. There are new CRT redistribution packages available for each of these that include the fix.
Some developers had problems when the last such update was rolled out, the ATL security fix MS09-35, because of the impact it had on developers building code after applying the Windows Update. For Visual Studio 2005 SP1, the default behavior is for the Side-By-Side manifest system to default to the 'most current' version on the system. For Visual Studio 2008 SP1 this was changed to bind to the RTM version unless the code is compiled with a 'bind to latest' control define. Be sure to review this blog entry on Visual Studio CRT binding if you are still using Visual Studio 2005 or Visual Studio 2008. > Visual Studio 2010 and later do not make use of the Side-By-Side technology. Review the Visual Studio 2010 CRT deployment documentation for more details. Note: Due to some issues in the original Visual Studio 2010 CRT REDIST package, the updated VS 2010 CRT files can cause problems when trying to install the DirectX SDK (June 2010) or the Windows SDK 7.1 that requires a workaround.