Two days ago a security update was released by Microsoft for Visual Studio SP1. Full information is available here but it essentially states it is an issue with Crystal Reports for VS.
Since I don’t generally install that bloatware it would seem reasonable that I shouldn’t have to download and install the update. Well not only does it come down as an Important update, it also won’t install properly. Actually that is slightly incorrect, it installs fine but then appears a few minutes later as a required update. This has been documented by Jason Nadrowski and I suspect that Jamshed from Microsoft was going to contribute but his post has mysteriously disappeared (original link was http://blogs.msdn.com/jamshedd/archive/2007/09/12/seurity-update-ms07-052-is-constantly-reoffered-on-microsoft-update.aspx – sounds like sensorship to me!)
Update: There is a newsgroup thread (http://groups.google.com/group/microsoft.public.windowsupdate/browse_thread/thread/9e0660e486d4d595/6f799a41c761f959?#6f799a41c761f959) that talks about this where a Microsoft representative acknowledges this as a known issue that they are working on. Me thinks some better testing is in order as this update issues seems to be affecting almost all users that don’t have Crystal Reports installed (including a University where they have rolled out VS2005 to 90 machines, which all now claim there is a missing update!).