Visual Studio 2005 security updates and CRT DLL versions in manifest

Question

Recent Visual Studio 2005 security updates may be causing problems for us.

We build and internally distribute SDKs written in C++. These SDKs are a collection of he

Answer 1

1) Yes it means the runtime is using both versions - something you never want to happen. It should only ever reference a single version of the DLL(s)

2) There is a method that I've developed to force the version to be the SP1 version (without the security update). I've outlined it here

3) You could disable manifests entirely and do them by hand, but I don't recommend this, as it's a pain to maintain different manifests for your debug and release, and it's an error-prone way of dealing with the problem. It would be better to use the workaround I mentioned in (2) above.