We are in the process of setting up Service Desk and xFlow in AWS and are currently undergoing a security vulnerability scan.  These CVE IDs came up:

CVE-2009-2495
CVE-2009-2493
CVE-2009-0901

They are all related to vulnerabilities with Microsoft Visual Studio C++ Redistributable Package MS090-035.  Does Service Desk Manager and xFlow need this installed in order to function?  I could just uninstall it.  If it is needed, please advise on what the next steps are.

Service Desk Manager 17.3 and higher

 Any files housed under the C:\Windows\WinSxS (Windows Side by Side) folder are dumped there every time Windows updates are implemented and the old files are backed up. Since those are backup files and Microsoft's security updates have already addressed the vulnerability issue in 2009/2010 via sec update/SP, no actions are needed. While removing these files does not impact the functionality of Service Desk Manager or xFlow, we will caution against deleting files from the WinSxS folder because it may impact the functionality of your Windows including the system boot-up process more than the applications themselves.

What is WinSxS folder in Windows 11/10?