Explorer09 Posted May 13, 2012 Share Posted May 13, 2012 (edited) There is one update replacement that Kurt_Aust did not find.KB960803 (MS09-013) WinHTTP - Replaced by KB2638806 (MS12-006). Edited May 13, 2012 by Explorer09 Link to comment Share on other sites More sharing options...
Guest Posted May 13, 2012 Share Posted May 13, 2012 (edited) He knows about it, Explorer09. However, the Microsoft Update site checks for the following registry entry:HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB960803","Installed",0x10001,1If it doesn't exist in the registry then MU will insist that KB960803 be installed. One sure way to get that registry entry is to install the update; the other is to add the entry manually. Edited May 13, 2012 by 5eraph Link to comment Share on other sites More sharing options...
Explorer09 Posted May 13, 2012 Share Posted May 13, 2012 He knows about it, Explorer09. However, the Microsoft Update site checks for the following registry entry:HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB960803","Installed",0x10001,1Does Windows Update checks about this registry entry?HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2638806","Installed",0x10001,1I can guess the reason. KB960803 and KB2638806 patch no files in the Windows directory. What the installer was doing is copying the Winhttp.dll into a cache folder (%windir%\WinSxS). Since Windows Update cannot tell the exact path where the file is copied, it will check the "Installed" registry entry.The same problem should happen with KB2659262, am I right? Link to comment Share on other sites More sharing options...
Guest Posted May 14, 2012 Share Posted May 14, 2012 (edited) The update site does indeed check for the KB2638806 and KB2659262 related "Installed" values without checking the installed files; adding the entries alone will fool the update site into believing they are installed (and is obviously not a good idea to do at this time as it will leave you vulnerable ).The reason it doesn't check the files is unknown to me. But I can tell you that the site can tell the exact path where the files are copied, as it did with KB938464-v2 due to the fact that v1 of the update package had an installation issue. Edited May 14, 2012 by 5eraph Link to comment Share on other sites More sharing options...
Kurt_Aust Posted May 14, 2012 Author Share Posted May 14, 2012 Glad that 5eraph has cleared that up, I'm sure I'm not alone in not always being impressed with how Windows Update handles things. Link to comment Share on other sites More sharing options...
Explorer09 Posted May 14, 2012 Share Posted May 14, 2012 Okay, may you guys help me try this thing?Keep the KB2638806's "Installed" registry entry and remove the KB960803 one. Then check Windows Update and see if it still offers KB960803.I think the answer would be no, but I don't have the time and hardware to try that out. Link to comment Share on other sites More sharing options...
Guest Posted May 14, 2012 Share Posted May 14, 2012 The answer is yes, it still offers KB960803. I told you that already.It's not hard to test on a running system. And it's easy to add the registry entry in RegEdit after it's been removed for testing. It should take no more than a couple minutes to remove the registry entry using RegEdit, check the update website, then add the entry back and check again. Link to comment Share on other sites More sharing options...
Explorer09 Posted May 16, 2012 Share Posted May 16, 2012 (edited) Yes, I get it. Time to blame Microsoft.(Tested today on a freshly-installed Win XP x64 on VirtualBox) Edited May 16, 2012 by Explorer09 Link to comment Share on other sites More sharing options...
Explorer09 Posted May 30, 2012 Share Posted May 30, 2012 Oh no, nLite did not directly integrate these updates completely.KB960803KB2296011KB2638806KB2659262Did anyone notice that? Link to comment Share on other sites More sharing options...
Kurt_Aust Posted June 2, 2012 Author Share Posted June 2, 2012 nLite bug fix and optional updatesDeletion:Hotfix\084-WindowsServer2003.WindowsXP-KB946026-x64-ENU.exeMove and Rename:Hotfix\528-WindowsServer2003.WindowsXP-KB2296011-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2296011-x64-ENU.exeHotfix\776-WindowsServer2003.WindowsXP-KB2638806-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2638806-x64-ENU.exeHotfix\820-WindowsServer2003.WindowsXP-KB2659262-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2659262-x64-ENU.exeReplace (optional):# ▼. RunOnce\WindowsUpdateAgent30-x64.exe 7,740,264Additions (all at Hotfix):@ . . . 440-WindowsServer2003.WindowsXP-KB982666-x64-ENU.exe . . . 1,637,248 . MS10-040 - Internet Information Services (IIS)@ ▼ 608-WindowsServer2003.WindowsXP-KB2478953-x64-ENU.exe . . 5,054,336 . MS11-005 - Active Directory@ . . . 068-WindowsServer2003.WindowsXP-KB925066-x64-ENU.exe .. . . . 764,808 . Distributed File System (DFS)@ . . . 108-WindowsServer2003.WindowsXP-KB955417-x64-ENU.exe .. . . . 763,440 . Don't trust the French with your secrets# ▼. 260-WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe . . 13,240,192 . exFAT file system@ . . . 172-WindowsServer2003.WindowsXP-KB960680-v2-x64-ENU.exe . . 715,640 . Currency Symbols@ . . . 256-WindowsServer2003.WindowsXP-KB971314-x64-ENU.exe .. . . . 895,888 . PCL Inbox Printer Drivers@ . . . 488-WindowsServer2003.WindowsXP-KB2264107-x64-ENU.exe . . 2,261,376 . External Libraries Load ControlThank you Explorer09 for reporting that nLite bug, I'll have to keep an eye out in future for that ASMS folder.I've also taken a look at the optional updates that 5eraph includes and added those that aren't Hotfix by Request (HBRs), I already had most of them, the most significant addition being exFAT partition support. Link to comment Share on other sites More sharing options...
Guest Posted June 3, 2012 Share Posted June 3, 2012 LOL @ KB955417. Caught me off guard. Link to comment Share on other sites More sharing options...
Explorer09 Posted June 4, 2012 Share Posted June 4, 2012 (edited) Additions (all at Hotfix):@ . . . 440-WindowsServer2003.WindowsXP-KB982666-x64-ENU.exe . . . 1,637,248 . MS10-040 - Internet Information Services (IIS)@ ▼ 608-WindowsServer2003.WindowsXP-KB2478953-x64-ENU.exe . . 5,054,336 . MS11-005 - Active Directory@ . . . 068-WindowsServer2003.WindowsXP-KB925066-x64-ENU.exe .. . . . 764,808 . Distributed File System (DFS)@ . . . 108-WindowsServer2003.WindowsXP-KB955417-x64-ENU.exe .. . . . 763,440 . Don't trust the French with your secrets# ▼. 260-WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe . . 13,240,192 . exFAT file system@ . . . 172-WindowsServer2003.WindowsXP-KB960680-v2-x64-ENU.exe . . 715,640 . Currency Symbols@ . . . 256-WindowsServer2003.WindowsXP-KB971314-x64-ENU.exe .. . . . 895,888 . PCL Inbox Printer Drivers@ . . . 488-WindowsServer2003.WindowsXP-KB2264107-x64-ENU.exe . . 2,261,376 . External Libraries Load ControlIn the MS security bulletin, it say that Windows XP x64 does not need the MS10-040 (KB982666) update, andhttp://technet.microsoft.com/en-us/security/Bulletin/MS10-040[1]This operating system [Windows 2003/Vista/2008] is only affected when Extended Protection for Authentication has been installed.Also KB2478953 is unnecessary because Active Directory Application Mode (ADAM) is not part of the standard installation of Windows XP x64. Edited June 4, 2012 by Explorer09 Link to comment Share on other sites More sharing options...
Guest Posted June 4, 2012 Share Posted June 4, 2012 The affected component described in KB982666 is Internet Information Services 6, which is included in the x64 versions of both WinXP and Win2003. If you check the Applies To section of KB973917 you'll see that "Extended Protection for Authentication in Internet Information Services (IIS)" does apply to Windows XP x64, which strongly suggests that KB982666 should apply as well. KB982666 installs in Windows XP x64. It's better to be safe than sorry.KB2478953 still applies to Windows XP x64 and directly replaces NetLogon.dll and wNetLogon.dll in the source. ADAM need not be present to slipstream with nLite. When slipstreamed it's one less update that needs to be installed later if the machine needs access to a network where Active Directory is in use. Link to comment Share on other sites More sharing options...
Kurt_Aust Posted June 5, 2012 Author Share Posted June 5, 2012 5eraph: You've got to admit, the KB955417 note accurately describes what in fact is fixed and is less obscure about it than most such notes.Explorer09: Yes I did read the description on KB982666 and KB2478953 when they first came out which is why they weren't included at that time. As you might note they are now included only as optional updates, as indicated by the green description note. Link to comment Share on other sites More sharing options...
Explorer09 Posted June 7, 2012 Share Posted June 7, 2012 (edited) Explorer09: Yes I did read the description on KB982666 and KB2478953 when they first came out which is why they weren't included at that time. As you might note they are now included only as optional updates, as indicated by the green description note.Yes, I see. But my problem is that neither of these updates have been offered to me by Windows Update, and MS has clearly said that Windows XP x64 is not affected.I think you would better write a footnote about the reason why you include them. Something like this:"Although Windows XP x64 is not affected by the vulnerability described in MS10-040 and MS11-005, these two updates patch some Windows XP x64 files and provides optional extended protection."By the way, KB982666 replaces KB973917, and KB973917 replaces KB970430. So would you also remove KB970430 from the list? Edited June 7, 2012 by Explorer09 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now