KB971092 won’t install (Visual Studio 2008 Security Fix)

From Microsoft Connect:
(https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=478117)

Until Microsoft come up with an official solution there is a working workaround for this problem.

This problem only appears to affect people who have not got Visual C++ Installed.

1.) Download VS90SP1-KB971092-x86.exe from here …
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=294de390-3c94-49fb-a014-9a38580e64cb
2.) Start the installation VS90SP1-KB971092-x86.exe
3.) Wait for the error message to come up – DO NOT CLOSE THE WINDOW!
4.) Copy the temp. folder where the patch has been unpacked to a new folder, for example onto your desktop.
5.) Close VS90SP1-KB971092-x86.exe that you started in 2.)
6.) Navigate to <drive>:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools and find vsvars32.bat.
7.) Change the permissions on the file to allow everyone to edit it.
8.) Start VS90SP1-KB971092-x86.msp from within the saved folder and the process should complete.

Drupal Installation: Turn off register_globals on 1&1 Hosting

Update: If you’re having other trouble with your 1&1 Drupal setup, such as the “500 Server Error” or problems with clean URLs, try this post on Drupal.org:
http://drupal.org/node/232773


Thank you, thank you, thank you! This was bugging the hell out of me, and the link from the Drupal installer is less than helpful for sorting the register_globals issue out:

I run a couple of Drupal sites on 1and1 for historical reasons (3 years free). A while ago, I dutifully upgraded them to Drupal 5.7. And was surprised to find that PHP’s register_globals was enabled.

All this time, I’ve been running with a .htaccess file which explicitly disabled that setting — if 1and1’s Apache was running mod_php only, it turns out. Apparently, such PHP settings in .htaccess files don’t do anything if running PHP in CGI mode.

Since Drupal 5.7 warns you if register_globals is enabled, it became glaringly obvious that they were. Not a happy situation at all. Drupal is coded intelligently and securely in general, but register_globals is inherently a security risk. It should never be enabled. But worse, in many versions of PHP, there is a bug which allows even more exploits to be used when register_globals is enabled. This bug has been fixed in recent versions of PHP, but hosting companies like 1and1 are notorious for not upgrading their PHP, MySQL, etc. versions.

(via Making 1and1 More Secure | Web node for Chris Johnson, Drupal developer.)

For reference, the site above suggests to create a .htaccess file at the root of your hosting directory (~/) and add the following line to it:

AddType x-mapp-php5 .php

This helps with MediaWiki as well, but MediaWiki does have a workaround that auto-forwards the .php file to it’s corresponding .php5 file if it detects that it is running under php4.