MS08-070 Visual Basic Vulnerability

Hi all,

Firstly, apologies if I've posted in the wrong area or get my terminology wrong. The person who dealt with our SolarWinds system has left and I'm trying to resolve security issues.

We had a critical log4j vulnerability, which I'd read was in SAM. Yesterday, I installed a hotfix for SAM using the online installer, which also updated 2 other components. Unfortunately, the ticket that I added the screenshot to seems to have lost it, so I can't confirm which components were included.

The log4j vulnerability has now gone, but MS08-070 has resurfaced. The full title is:

MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349)

The description for this (in italics) is:

The remote host contains a version of the ActiveX control for Visual Basic 6.0 Runtime Extended Files that may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit it.

Note that this control may have been included with Visual Studio or FoxPro or as part of a third-party application created by one of those products.

I've tried to install KB2708437, the CU that contains the fix, and KB926857, the security update. Both fail to install, saying something like:

In order to Cumulative Update for Microsoft Visual Basic 6.0 SP6 (KB2708437), you must have Microsoft Visual Basic 6.0 SP6 Product Installed.

I assume the hotfixes have reset some files containing this vulnerability, but is there any way to update them?