Good News - May 13th Updates for Windows XP

[darkrats]

Here are the May 13th security updates, ported to work with Windows XP.
You'll notice an update for IE6. That's because the original updates were
for POSReady 2009, which came with IE6.

http://filepost.com/files/5a3c3me2/UpdatesXP.rar/

These have been installed, tested and verified to work (the updates also
show up under installed programs).
For those of you running Symantec products, you will have to completely shut
down those products prior to installing the updates, including the non-Plug
& Play driver NAVEX15.
Otherwise, you'll get a BSOD, followed by a Memory Dump and Disk Checks
before rebooting. It won't hurt your system, but it's a pain to wait thru
the process before trying again.

Now that these updates are available for Windows XP, we can be confident
other monthly updates will follow.

Good news for Windows XP users.

 

[XP Guy]

Here are the May 13th security updates, ported to work with
Windows XP.

For those of you running Symantec products, you will have to
completely shut down those products prior to installing the
updates,

Good news for Windows XP users.

I think these files should be submitted directly to Ikarus - assuming
they have an on-line file submission option.

It *probably* is a false-positive by Ikaraus. Many of these seem date
to 02/24/2005 unless the "Compilation time" is not relavent or accurate.

-------------

File name: WindowsXP-KB2953522-IE8.exe Detection ratio: 1 / 52

https://www.virustotal.com/en/file/...e06e08385f50178ca73d8039/analysis/1400330910/

Compilation timestamp 2005-02-24 19:44:38

Ikarus Virus.Win32.Virut

Analysis Report for WindowsXP-KB2953522-IE8.exe

https://anubis.iseclab.org/?action=result&task_id=17d2e8605737cd264a12be34fb0e4baad&format=html

-------------

Product Microsoft .NET Framework 4.0
Original name NDP40-KB2931365-x86.exe
Internal name NDP40-KB2931365-x86.exe
File version 10.0.30319.1023
Description Security Update for Microsoft .NET Framework 4.0 (KB2931365)
Signature verification Signed file, verified signature
Signing date 1:01 AM 2/27/2014

Detection ratio: 0/53

-------------

File name: WindowsXP-PostSP4-KB2926765.exe Detection ratio: 1 / 53

Ikarus Virus.Win32.Virut

https://www.virustotal.com/en/file/...0c3d1854ff72990ef1b7efe8323a231df2a/analysis/

Compilation timestamp 2005-02-24 19:44:38

-------------

File name: WindowsXP-KB2931352-netfx11-x86.exe Detection ratio: 0/53

Compilation timestamp 2011-01-24 19:44:38

https://www.virustotal.com/en/file/...9384a8faf9b23558adf45dc5/analysis/1400332545/

-------------

File name: WindowsXP-PostSP4-kb2953522-ie6.exe
Detection ratio: 1/52

Ikarus Virus.Win32.Virut

Compilation timestamp 2005-02-24 19:44:38

https://www.virustotal.com/en/file/...7bb8806fc8f62c0ece5bb993764427aaa9f/analysis/

-------------

File name: WindowsXP-PostSP4-kb2953522-ie7.exe Detection ratio: 1/52

Ikarus Virus.Win32.Virut

Compilation timestamp 2005-02-24 19:44:38

https://www.virustotal.com/en/file/...60588abca019a965c76970265ddf570ab29/analysis/

-------------

File name: WindowsXP-KB2953522-IE8.exe Detection ratio: 1/52

Ikarus Virus.Win32.Virut

Compilation timestamp 2005-02-24 19:44:38

https://www.virustotal.com/en/file/...ef5d1e879dfe06e08385f50178ca73d8039/analysis/

--------------

 

[Bert]

In "darkrats"

Good news for Windows XP users.

I always download and install OS security updates from anonymous
Canadians without question.

 

[darkrats]

Not saying you shouldn't post the results, but with only 1 out of 55
reporting a "positive", it should be pretty clear to most users that the
files are clean. The problem is with Ikaraus. All the other products appear
to give them a pass. But users can click through and judge for themselves.
The files are authentic and the source is reliable. That's my last word )I
think) on this.

 

[VanguardLH]

Here are the May 13th security updates, ported to work with Windows XP.

Why would Microsoft updates for Windows XP have to be "ported" to
Windows XP?

You'll notice an update for IE6. That's because the original updates were
for POSReady 2009, which came with IE6.

h**p:// filepost. c*m/ files/ 5a3c3me2/ UpdatesXP. rar/

If these updates originally came from Microsoft, aren't the OLD updates
still available from the Windows Update site? That Microsoft dropped
support for Windows XP does not mean updates are no longer available
from the WU site for it. Not generating new updates doesn't mandate
that old updates become inaccessible.

From what I've read, the Windows update will not function for Windows
XP at less than service pack 2. You can get SP2 from the source
(Microsoft) at:
http://www.microsoft.com/en-us/download/details.aspx?id=28

If you have an non-Intel CPU (AMD) and you have a pre-SP3
installation of Windows XP that you want to upgrade to SP3, you must
first install KB953356, Microsoft Windows Update Utility Package for
non-intel Processors, to prevent getting stuck in a reboot loop.
It's available from the source (Microsoft) at:
http://www.microsoft.com/en-us/download/details.aspx?id=23751

Windows XP SP3 is available from the source (Microsoft) at:
http://www.microsoft.com/en-us/download/details.aspx?id=24
SP3 won't install into an existing instance of Windows XP unless it
is already at SP-1a or SP-2. It is recommended to uninstall IE8
before installing SP3. This is to allow uninstalling IE8 at a later
time, if needed or wanted, after installing SP3. If you don't
already have an SP3 level of the Windows XP installation CD, you can
use nLite to streamline it (and any drivers you need) into a new CD
image. You'll need to first slipstream in SP2 and then SP3 since SP3
is *not* a cumulative update. Or go buy, like at eBay, a Windows XP
SP-3 install CD with a key (don't get the Dell reinstallation CDs
unless you have a Dell).

Why would anyone get updates to the OS from an unknown source? This is
filepost.com, not a Microsoft site. Anyone can upload whatever they
want to there. Taking off the filename parameter from the URL gives a
web page but nothing of the uploader is identified; however, it's
unlikely that whomever did the upload is a known and reputable source
that can be verified. Yeah, no thanks.

Then there's the bandwidth throttling at that public and anonymous file
storage site. Unless a user has a premium account (premium = money) at
filepost.com, downloads are throttled so they are 15 times slower. The
button for the low-speed download triggers a new popup tab/window from
fttp://ad.directrev.com/RealMedia/ads/adstream_sx.ads/... No thanks.
My ad and tracking blocker stops that in its tracks. You have to go
back to the original page to enter a CAPTCHA string. You'll probably
have to cycle through several CAPTCHA images before you get one that is
legible and doesn't mash letters together (so "cl" looks like "d").
Each failed attempt results in the ad popup tab/window again. When you
get the CAPTCHA correct, nothing happens. No download starts. Instead
you have to notice a "Start downloading now" link appeared on the page.
The site's estimate for download time was 59 seconds (compared to 4
seconds for the high-speed connection). Instead, for me, the download
took 213 seconds over a 28 Mbps Internet connection. The file from an
unknown and untrusted source was immediately deleted thereafter.

A .rar file for Windows users? The more common .zip format was the same
size (actually 11 bytes smaller).

These have been installed, tested and verified to work (the updates also
show up under installed programs).

By who? You, an unknown that is posting anonymously in Usenet? Uh huh,
yeah, that's real assurance.

It doesn't matter how long you've been posting in Usenet. I've been
here since 1998 and probably have over 15K posts. All that means is
that I've had a consistent nym (although it's been modified 3 times due
to Google's crappy search algorithms that discard punctuation characters
and now Google destroyed decent searching of their Usenet archive), not
that anyone knows who *I* am. My Usenet nym is not my legal identity
and neither is yours. I would expect no one to trust some download I
pointed at that is on a general-use publicly accessible file storage
site. Same goes for any other OS update upload by some anonymous
source. Maybe you went to the dark side. Maybe you're a forger. At a
minimum, you only have a (possibly long-lived) Usenet nym. We don't
even know that file was uploaded by you. The uploader was never
identified.

For those of you running Symantec products, you will have to completely shut
down those products prior to installing the updates, including the non-Plug
& Play driver NAVEX15.
Otherwise, you'll get a BSOD, followed by a Memory Dump and Disk Checks
before rebooting. It won't hurt your system, but it's a pain to wait thru
the process before trying again.

So you want users to disable their security while they install software
from an unknown source that uploaded to an open file storage site and is
claimed to work by an anonymous poster in Usenet. Oh yeah, sure.

Now that these updates are available for Windows XP, we can be confident
other monthly updates will follow.

From WHO? What is this known, reputable, and non-anonymous source of OS
updates that isn't Microsoft? Since Microsoft isn't updating Windows XP
anymore, just what would these monthly updates from an unknown source be
for?

This "update" is only 14.8 MB in size so obviously it is not a
cumulative update. I used WSUSoffline to capture the Windows XP
updates. Individually the update files amass to 537 MB (and that's just
for Windows XP and does not include .Net updates, C runtimes, etc). The
..iso file that merges all the updates for Windows XP is 936 MB in size.

Good news for Windows XP users.

Yup, let's all jump to an unknown source for OS updates.

 

[darkrats]

Okay. The updates have been removed from Filepost.
Other links can be found on some Windows XP forums, if you search for them.

 

[XP Guy]

Why would Microsoft updates for Windows XP have to be "ported" to
Windows XP?

They could have been supplied for other versions of Windoze (Vista or 7)
and have been found to work on XP as-is, or perhaps with some
modification.

If these updates originally came from Microsoft, aren't the OLD
updates still available from the Windows Update site?

These could be paid-support hotfix files, and if so then it makes sense
you wouldn't be able to download them from Macro$haft. So hosting them
on a file-locker makes sense.

Why would anyone get updates to the OS from an unknown source?

If these are contained within an update stream for Vista or 7 then they
wouldn't normally be accessible to people running XP without a lot of
legwork navigating and exploring Milkro$oft's website.

If these were paid-support hot-fixes, then again who-ever is
distributing them to the public will necessarily have to be an unknown
source.

A .rar file for Windows users? The more common .zip format was the
same size (actually 11 bytes smaller).

File-locker users overwhelmingly use .rar compression when storing files
on file-lockers. I've downloaded gigabytes worth of stuff over the
years from file lockers and 99.99% of the files have been .rar.

Winrar has been hacked and license keys widely circulated. Even old
versions of Winrar can decompress rar files compressed by newer
versions. The same CAN NOT be said for 7zip, for example.

Ever since the great file-locker shake up a few years ago (remember when
Mega Upload was shut down and Kim DotCom was arrested in New Zealand?)
many file-lockers either went bust or closed, but File Post has remained
and is one of a handful of primary lockers used today.

By who? You, an unknown that is posting anonymously in Usenet?
Uh huh, yeah, that's real assurance.

It should be a simple matter to do a web search on the file-names and
see where-else they can be found - especially if they are found and can
be downloaded from Macro$haft itself.

This "update" is only 14.8 MB in size so obviously it is not a
cumulative update.

The idea here (I think) is that these are from the last "patch tuesday"
(May 12) issued by MS, and as such would have been the first to
officially not include anything for XP. Of the May 12 WU dump, I
presume these are the ones that have been found to actually work on a
win-XP system, but that an XP user would not be able to download using
the WU mechanism.

So I would not expect cumulative updates (official or unofficial) for XP
at this point.

I used WSUSoffline to capture the Windows XP updates. Individually
the update files amass to 537 MB (and that's just for Windows XP and
does not include .Net updates, C runtimes, etc).

That may be for all updates, fixes and patches ever issued for XP-SP2
for the past what - 10 years? We're not talking about that here.

 

[darkrats]

Thanks XP Guy for taking the time to address many of the comments by
VanguardLH. Much appreciated.

 

[VanguardLH]

Okay. The updates have been removed from Filepost.
Other links can be found on some Windows XP forums, if you search for them.

They aren't available at the Windows Update site (if you note the
requirements for SP2 noted in my prior post for getting Windows XP to
work with the WU site)?

 

[darkrats]

The original untouched updates are available only to customers who run
POSReady 2009 (Windows XP Embedded). If you're not running that operating
system, you will not see those updates.

 

[XP Guy]

The original untouched updates are available only to customers who
run POSReady 2009 (Windows XP Embedded). If you're not running that
operating system, you will not see those updates.

POS - Point Of Sale (ie - cash registers, bank teller consoles, etc)

http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/

But before you get too excited, read post #20 (and beyond) in that
thread.

This might not be ready for prime time - yet.

I told you that there would be a way for these XP updates to be modded
and leaked to the web. Every PatchTuesday this is going to happen.

=================

The latest Patch tuesday updates have been easily ported to a Windows XP
virtual system - fully updated until April 2014.

The constraints are entirely artificial. Porting is easy as 1-2-3:

1. Modify update.inf file and remove the

condition=CompositeOp,OrOp,Prereq.XPInstallEmbedded.Section line from
the Prerequisite section.

2. Use a patched update.exe version 6.3.13.0 or later to accept the
modified update.inf file.

3. Compress to SFX EXE file. Delta compression optional.

I have already uploaded the files at RyanVM.net...

So Windows XP can have semi-official support until 2019! :w00t:

The update is applicable to Windows XP x64 SP2 if you remove the:

Condition=AndOp,Prereq.XPAMDInstallBlock.Section

line from the [Prerequisite] section and patch the update.exe file to
accept the modified update.inf. Instructions can be found here:

http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464

The shlwapi.dll file is not an exclusive Server 2003 x64 component. In
addition there are registry keys in the INF file specific for XP
Professional x64:

[ProductInstall.ProfessionalFiles]
AddReg=Product.Add.Reg.Professional

[Save.Reg.For.Uninstall]

HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%

[Product.Add.Reg.Professional]
HKLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Comments",0,%SP_TITLE_XP%
HKLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Fix
Description",0,%SP_TITLE_XP%

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"RegistryLocation",0,"HKLM\SOFTWARE\Microsoft\Updates\Windows
XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%"

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"ParentDisplayName",0,"%PARENT_DISPLAY_NAME_XP%"
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"DisplayName",0,"%SP_TITLE_XP%"
HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%,"Description",,%SP_TITLE_XP%

and the relevant strings.

All these observations indicate that the update is applicable to XP x64
without any issues (It's not proved completely - that would require an
analysis of the patch itself, something rather difficult and not
required in this scenario).

One final note: Because these updates have been deployed on a relatively
limited number of machines (XP support has officially ended and most
users ignore the existance of these updates) testing any of them in VM
before deploying to real hardware is strongly recommended.

-----------------

With reference to this:
http://www.microsoft.com/en-us/download/details.aspx?id=42774

which is related to this kb:
http://support.microsoft.com/kb/2932079

This update resolves a vulnerability in the Microsoft .NET Framework
that could allow elevation of privilege if an unauthenticated attacker
sends specially crafted data to an affected workstation or server that
has the .NET Framework Remoting feature enabled.

it is IMHO not a patch for a vulnerability, it is a patch for generic
stupidity.

-----------------

First of all, thank you *very much* harkaz, this is beyond cool! Heading
home from work yesterday I was almost a bit giddy seeing these
semi-official patches and thinking of all the future ones that
could/will be coming our way through 2019!

Let the idiots on neowin storm off in a huff! Tell them to come back in
2019.

For myself, I only get 1 patch out of the deal (I don't have IE or any
version of "dontnet" installed). Hmm, I didn't think about POS not
having IE6. Looks like we won't get any IE 6 patches unless somebody
ports them from 2003.

Jaclaz, I agree it's a patch for general stupidity-let's hope MS
doesn;'t start patching for that, as we'll all need petabyte sized
drives.

(Seriously though, the link to the bulletin 42774 that you posted; under
'System Requirements' it states that Windows XP is a "supported
operating system" along with Windows Server 2003. But the title at the
top of the page for 42774 just says Windows Server 2003.)

Rest assured the IE6 and the IE7 patches for POSReady 2009 also exist!
I'm sure harkaz'll release modded versions of them soon, too.

----------------

The patched update.exe seems to have done the trick. The update
installed and is actually listed in my list of updates as a "Windows XP"
update! I guess Microsoft isn't going to let anyone on XP x64 install it
the easy way unless they have paid support, though. I know there's a
risk to doing this, but this isn't a mission-critical machine, anyway.
Just a laptop I use when I'm away from the big iron, to go online and
stuff with. If it were, I'd just update it to 7. Guess I'll just keep
doing this once a month until July of next year. Thanks for the help!

There is also the older WEPOS/XPe which comes with IE6 and is supported
until I think 2016 and also uses the same patches.

 

[darkrats]

Good information. It's true, some might find it problematic installing these
updates. I had touble because I run a Symantec product on my system. But I
found a way around it, I think I've seen the patched updates now on 4 or 5
different forums. There are slight differences in some of the downloads, so
more than one person is working on them. Sad to say, I'm not one of those
talented people. Good to know about the updates anyway. As time goes by,
they will likely become better able to work with more system variations.
It's exciting to me, even though it's early in the game.

The original untouched updates are available only to customers who
run POSReady 2009 (Windows XP Embedded). If you're not running that
operating system, you will not see those updates.

POS - Point Of Sale (ie - cash registers, bank teller consoles, etc)

http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/

But before you get too excited, read post #20 (and beyond) in that
thread.

This might not be ready for prime time - yet.

I told you that there would be a way for these XP updates to be modded
and leaked to the web. Every PatchTuesday this is going to happen.

=================

The latest Patch tuesday updates have been easily ported to a Windows XP
virtual system - fully updated until April 2014.

The constraints are entirely artificial. Porting is easy as 1-2-3:

1. Modify update.inf file and remove the

condition=CompositeOp,OrOp,Prereq.XPInstallEmbedded.Section line from
the Prerequisite section.

2. Use a patched update.exe version 6.3.13.0 or later to accept the
modified update.inf file.

3. Compress to SFX EXE file. Delta compression optional.

I have already uploaded the files at RyanVM.net...

So Windows XP can have semi-official support until 2019! :w00t:

The update is applicable to Windows XP x64 SP2 if you remove the:

Condition=AndOp,Prereq.XPAMDInstallBlock.Section

line from the [Prerequisite] section and patch the update.exe file to
accept the modified update.inf. Instructions can be found here:

http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464

The shlwapi.dll file is not an exclusive Server 2003 x64 component. In
addition there are registry keys in the INF file specific for XP
Professional x64:

[ProductInstall.ProfessionalFiles]
AddReg=Product.Add.Reg.Professional

[Save.Reg.For.Uninstall]

HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%

[Product.Add.Reg.Professional]
HKLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Comments",0,%SP_TITLE_XP%
HKLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Fix
Description",0,%SP_TITLE_XP%

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"RegistryLocation",0,"HKLM\SOFTWARE\Microsoft\Updates\Windows
XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%"

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"ParentDisplayName",0,"%PARENT_DISPLAY_NAME_XP%"
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"DisplayName",0,"%SP_TITLE_XP%"
HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%,"Description",,%SP_TITLE_XP%

and the relevant strings.

All these observations indicate that the update is applicable to XP x64
without any issues (It's not proved completely - that would require an
analysis of the patch itself, something rather difficult and not
required in this scenario).

One final note: Because these updates have been deployed on a relatively
limited number of machines (XP support has officially ended and most
users ignore the existance of these updates) testing any of them in VM
before deploying to real hardware is strongly recommended.

-----------------

With reference to this:
http://www.microsoft.com/en-us/download/details.aspx?id=42774

which is related to this kb:
http://support.microsoft.com/kb/2932079

This update resolves a vulnerability in the Microsoft .NET Framework
that could allow elevation of privilege if an unauthenticated attacker
sends specially crafted data to an affected workstation or server that
has the .NET Framework Remoting feature enabled.

it is IMHO not a patch for a vulnerability, it is a patch for generic
stupidity.

-----------------

First of all, thank you *very much* harkaz, this is beyond cool! Heading
home from work yesterday I was almost a bit giddy seeing these
semi-official patches and thinking of all the future ones that
could/will be coming our way through 2019!

Let the idiots on neowin storm off in a huff! Tell them to come back in
2019.

For myself, I only get 1 patch out of the deal (I don't have IE or any
version of "dontnet" installed). Hmm, I didn't think about POS not
having IE6. Looks like we won't get any IE 6 patches unless somebody
ports them from 2003.

Jaclaz, I agree it's a patch for general stupidity-let's hope MS
doesn;'t start patching for that, as we'll all need petabyte sized
drives.

(Seriously though, the link to the bulletin 42774 that you posted; under
'System Requirements' it states that Windows XP is a "supported
operating system" along with Windows Server 2003. But the title at the
top of the page for 42774 just says Windows Server 2003.)

Rest assured the IE6 and the IE7 patches for POSReady 2009 also exist!
I'm sure harkaz'll release modded versions of them soon, too.

----------------

The patched update.exe seems to have done the trick. The update
installed and is actually listed in my list of updates as a "Windows XP"
update! I guess Microsoft isn't going to let anyone on XP x64 install it
the easy way unless they have paid support, though. I know there's a
risk to doing this, but this isn't a mission-critical machine, anyway.
Just a laptop I use when I'm away from the big iron, to go online and
stuff with. If it were, I'd just update it to 7. Guess I'll just keep
doing this once a month until July of next year. Thanks for the help!

There is also the older WEPOS/XPe which comes with IE6 and is supported
until I think 2016 and also uses the same patches.

 

[VanguardLH]

The original untouched updates are available only to customers who run
POSReady 2009 (Windows XP Embedded). If you're not running that operating
system, you will not see those updates.

Windows XP Embedded (XPe) extended support doesn't end until Jan 1,
2016. Since it is still a supported product then it should see any
updates available for Windows XP.

http://support.microsoft.com/lifecycle/?p1=3220
Lifecycle started: 1/20/2002
mainstream ended: 1/11/2011
extended ends: 1/12/2016

Windows Embedded POSready 2009 must be a different product because it is
a separate listing under the Lifecycle page plus its support didn't even
start until over 7 years later 3/10/2009. Updates will be available for
this product until 2019.

http://support.microsoft.com/lifecycle/?p1=14086
Lifecycle started: 3/10/09
mainstream ended: 4/8/2014
extended ends: 4/9/2019

I didn't think Microsoft was going to yank the availablility of *old*
updates from their WU site just because extended support ended for that
product. I no longer have an instance of Windows XP to test if the WU
site does or does not offer the old XP updates anymore.

I'm not talking about the local updater client (wupdmgr.exe) but going
to the WU site (and using the required updater AX control in IE) to see
if old updates for Windows XP are still available or not.

 

[XP Guy]

UPDATE [22/5/2014]:

A simple registry tweak is enough for WU to show the latest POSReady
updates on Windows XP. This method has been tested and works on any XP
build.

Add the following registry keys (INF Format):

HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3"

HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0

HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0

HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1

Or use notepad to copy the following and save as .reg file and run it:

==========
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
"FeaturePackVersion"="SP3"

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
===========

Restart your computer, and make sure WindozeUpdate service is running.
You will see there are updates for you to install! And your XP PC will
continue to recieve MS patches until the year 2019.

This is for 32-bit XP. There is a different method for 64-bit version
of XP (by spoofing Windows 2003 server).

This trick works because for the purposes of WindowsUpdate, it makes WU
think you're running POS2009 (Point Of Service 2009) which is basically
XP for cash registers and other "point-of-service" PC's. Microsoft
provides update support for POS2009 until 2019.

 

[DK]

UPDATE [22/5/2014]:

A simple registry tweak is enough for WU to show the latest POSReady
updates on Windows XP. This method has been tested and works on any XP
build.

I tested it today. I work just fine. "POSReady" updates show up
in WU and after they get installed, the uninstall displays them
as "Security update for Windows XP".

The exact content of the *.inf file:
**********************************************************************
[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Add.Settings

[Add.Settings]
HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3"
HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0
HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0
HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1
*********************************************************************

This probably will not last because MS will soon realize that there is
surprising number of cash registers connecting in from residential
addresses

DK

Add the following registry keys (INF Format):

HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","Feature
PackVersion",0x00000000,"SP3"

HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0

HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0

HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1

Or use notepad to copy the following and save as .reg file and run it:

==========
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVer
sion]
"FeaturePackVersion"="SP3"

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
===========

Restart your computer, and make sure WindozeUpdate service is running.
You will see there are updates for you to install! And your XP PC will
continue to recieve MS patches until the year 2019.

This is for 32-bit XP. There is a different method for 64-bit version
of XP (by spoofing Windows 2003 server).

This trick works because for the purposes of WindowsUpdate, it makes WU
think you're running POS2009 (Point Of Service 2009) which is basically
XP for cash registers and other "point-of-service" PC's. Microsoft
provides update support for POS2009 until 2019.

 

[Todd]

This probably will not last because MS will soon realize that there is
surprising number of cash registers connecting in from residential
addresses

DK

So M$ actually has the updates, but is withholding
them from the general public.

Oh well, that is what is bound to happen when
the same folks that own the roads also sells the
cars that run on it.

If Linux ever takes off, it will put an end to
this scurrilous behavior.

Now a regular business would just sell a subscription,
but ...

 

[Paul]

If Linux ever takes off, it will put an end to
this scurrilous behavior.

Actually, no it won't.

Linux is perfectly capable of
exactly the same scurrilous behavior.

That's why the package manager for my 7.04 copy
of Ubuntu, doesn't do anything. The servers are
turned off. I wanted to do a simple thing, like
get a copy of GCC for that distro, and compile
a package from source, and I couldn't even do that.
The disc doesn't have enough dev tools on it,
to bootstrap an environment in it.

*******

In Linux, there is a slight difference in
how distros distribute things.

In Gentoo, you do everything from source.
The distro is a "rolling" distro, meaning you never
have to reinstall the OS. The packages in the OS evolve,
you download updates, do another "build" of the World,
and you're up to date. This idea has rough edges,
and I've had to abandon Gentoo installations, when I
could no longer "move forward" or "move backward"
because something in the source tree broke. Basically,
to easily maintain Gentoo, you must to maintenance
regularly (weekly). Allowing too many changes to accumulate,
things could break and only an expert can get you
out of it. I left my distro for around nine months,
and when I tried to do maintenance, I was stuck.

In such an environment, if you downloaded all the source
(many gigabytes), you could basically do anything you
want with it. Since you have all the source, no one
can hold you hostage.

Other Linux setups (like Ubuntu), are binary distros.
They use a package manager, and you just download
pre-compiled code to the desktop. The lifecycle policy
on the Ubuntu web site, tells you how long the
servers will provide packages for that version of OS.
After that date, you can't get anything.

Since Gentoo is a source based distro, the source is
easy to get from a mirror site. With Ubuntu, they don't
exactly make all the source easy to get (they don't put
the source for all 15,000 Debian programs onto a giant
ISO for you).

With a binary distro, you're accepting the convenience
of pre-compiled binaries, with the understanding
of a strict lifecycle and cutoff date. Just like
WinXP had.

While POS2009 may have WinXP-like updates, it will
only have been tested on whatever constitutes POS2009
equipment and configurations. You could download one
of those updates, and discover it bricks some subsystem
on your WinXP. You don't have the assurance of as
broad a test plan. And certainly, someone manning the
phone line at Microsoft, for Windows Update, will tell
you to piss off, if you approach them with a POS2009
bug when it is applied to WinXP Desktop.

Paul

 

[Todd]

Actually, no it won't.

I am afraid you are right. Vista would have
done the trick, but people just suffered.
Folks are just suffering with Frankenstein
(W8) too. No one wants to be "different".
Getting a Windows user off of Windows is like
trying to get q drug addict off of crack cocaine.

Linux is perfectly capable of
exactly the same scurrilous behavior.

That is just wishful thinking on the part of
folks that like M$.

You can not run as an administrator and a user at the
same time. M$ makes it too easy.

You would never believe the crap on Windows I stop when I
take a user's administrator rights away.

Also, if you have time, take a look at this (SE Linux):
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
Just try and hack that!

-T

 

[Paul]

Just try and hack that!

Never under-estimate the impact a user can have.

I could pop up a window that looks like
the Package Manager, get you to type in
the root password when prompted, then use
that password to do what I wanted. Phishing
is good enough.

When it comes to hacking things, it doesn't
have to be elegant. It just has to work.

Paul

 

[Todd]

Never under-estimate the impact a user can have.

You have a point there. The bad guys are looking
for "low hanging fruit". The user will never
cease to provide them with bushels and bushels.

I doubt that many of the bad guys will bother trying
to hack a system much any more. Just to easy to
trick the user. Just look at all the junkware the
users fall for!

I have clean off buckets of junkware from a computer and
had the same kind of crap (not necessarily the same ones)
back on their computer in a week. Yikes! The solution
is to take away their administrator's rights, like is
done on OSx and Linux. There is definitely a personality
involved with junkware.

I could pop up a window that looks like
the Package Manager, get you to type in
the root password when prompted, then use
that password to do what I wanted.

And when they call me to ask what their
root password is, I will shut them down.
Uses have the damnedest time remembering their
passwords (especially their wireless ones).

But, you do have a point. So far they haven't
employed this method with OSx and Linux yet.

Phishing
is good enough.

When it comes to hacking things, it doesn't
have to be elegant. It just has to work.

Paul

Here is a nice article from Security Focus on Linux
vs Windows and viruses.

http://www.securityfocus.com/columnists/188

Love the tag line:
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to
work on it.

-T