Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



Kurt_Aust

HOWTO create a fully up to date XP x64 DVD (EoL Feb 2016)

Recommended Posts

Explorer09    4

There is one update replacement that Kurt_Aust did not find.

KB960803 (MS09-013) WinHTTP - Replaced by KB2638806 (MS12-006).

Edited by Explorer09

Share this post


Link to post
Share on other sites

Guest   
Guest

He knows about it, Explorer09. However, the Microsoft Update site checks for the following registry entry:

HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB960803","Installed",0x10001,1

If it doesn't exist in the registry then MU will insist that KB960803 be installed. One sure way to get that registry entry is to install the update; the other is to add the entry manually.

Edited by 5eraph

Share this post


Link to post
Share on other sites
Explorer09    4

He knows about it, Explorer09. However, the Microsoft Update site checks for the following registry entry:

HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB960803","Installed",0x10001,1

Does Windows Update checks about this registry entry?

HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2638806","Installed",0x10001,1

I can guess the reason. KB960803 and KB2638806 patch no files in the Windows directory. What the installer was doing is copying the Winhttp.dll into a cache folder (%windir%\WinSxS). Since Windows Update cannot tell the exact path where the file is copied, it will check the "Installed" registry entry.

The same problem should happen with KB2659262, am I right?

Share this post


Link to post
Share on other sites
Guest   
Guest

The update site does indeed check for the KB2638806 and KB2659262 related "Installed" values without checking the installed files; adding the entries alone will fool the update site into believing they are installed (and is obviously not a good idea to do at this time as it will leave you vulnerable ;)).

The reason it doesn't check the files is unknown to me. But I can tell you that the site can tell the exact path where the files are copied, as it did with KB938464-v2 due to the fact that v1 of the update package had an installation issue.

Edited by 5eraph

Share this post


Link to post
Share on other sites
Kurt_Aust    6

Glad that 5eraph has cleared that up, I'm sure I'm not alone in not always being impressed with how Windows Update handles things.

Share this post


Link to post
Share on other sites
Explorer09    4

Okay, may you guys help me try this thing?

Keep the KB2638806's "Installed" registry entry and remove the KB960803 one. Then check Windows Update and see if it still offers KB960803.

I think the answer would be no, but I don't have the time and hardware to try that out.

Share this post


Link to post
Share on other sites
Guest   
Guest

The answer is yes, it still offers KB960803. I told you that already.

It's not hard to test on a running system. And it's easy to add the registry entry in RegEdit after it's been removed for testing. It should take no more than a couple minutes to remove the registry entry using RegEdit, check the update website, then add the entry back and check again.

Share this post


Link to post
Share on other sites
Kurt_Aust    6

nLite bug fix and optional updates

Deletion:

Hotfix\084-WindowsServer2003.WindowsXP-KB946026-x64-ENU.exe

Move and Rename:

Hotfix\528-WindowsServer2003.WindowsXP-KB2296011-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2296011-x64-ENU.exe

Hotfix\776-WindowsServer2003.WindowsXP-KB2638806-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2638806-x64-ENU.exe

Hotfix\820-WindowsServer2003.WindowsXP-KB2659262-x64-ENU.exe to RunOnce\WindowsServer2003.WindowsXP-KB2659262-x64-ENU.exe

Replace (optional):

# . RunOnce\WindowsUpdateAgent30-x64.exe 7,740,264

Additions (all at Hotfix):

@ . . . 440-WindowsServer2003.WindowsXP-KB982666-x64-ENU.exe . . . 1,637,248 . MS10-040 - Internet Information Services (IIS)

@ 608-WindowsServer2003.WindowsXP-KB2478953-x64-ENU.exe . . 5,054,336 . MS11-005 - Active Directory

@ . . . 068-WindowsServer2003.WindowsXP-KB925066-x64-ENU.exe .. . . . 764,808 . Distributed File System (DFS)

@ . . . 108-WindowsServer2003.WindowsXP-KB955417-x64-ENU.exe .. . . . 763,440 . Don't trust the French with your secrets

# . 260-WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe . . 13,240,192 . exFAT file system

@ . . . 172-WindowsServer2003.WindowsXP-KB960680-v2-x64-ENU.exe . . 715,640 . Currency Symbols

@ . . . 256-WindowsServer2003.WindowsXP-KB971314-x64-ENU.exe .. . . . 895,888 . PCL Inbox Printer Drivers

@ . . . 488-WindowsServer2003.WindowsXP-KB2264107-x64-ENU.exe . . 2,261,376 . External Libraries Load Control

Thank you Explorer09 for reporting that nLite bug, I'll have to keep an eye out in future for that ASMS folder.

I've also taken a look at the optional updates that 5eraph includes and added those that aren't Hotfix by Request (HBRs), I already had most of them, the most significant addition being exFAT partition support.

Share this post


Link to post
Share on other sites
Explorer09    4

Additions (all at Hotfix):

@ . . . 440-WindowsServer2003.WindowsXP-KB982666-x64-ENU.exe . . . 1,637,248 . MS10-040 - Internet Information Services (IIS)

@ 608-WindowsServer2003.WindowsXP-KB2478953-x64-ENU.exe . . 5,054,336 . MS11-005 - Active Directory

@ . . . 068-WindowsServer2003.WindowsXP-KB925066-x64-ENU.exe .. . . . 764,808 . Distributed File System (DFS)

@ . . . 108-WindowsServer2003.WindowsXP-KB955417-x64-ENU.exe .. . . . 763,440 . Don't trust the French with your secrets

# . 260-WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe . . 13,240,192 . exFAT file system

@ . . . 172-WindowsServer2003.WindowsXP-KB960680-v2-x64-ENU.exe . . 715,640 . Currency Symbols

@ . . . 256-WindowsServer2003.WindowsXP-KB971314-x64-ENU.exe .. . . . 895,888 . PCL Inbox Printer Drivers

@ . . . 488-WindowsServer2003.WindowsXP-KB2264107-x64-ENU.exe . . 2,261,376 . External Libraries Load Control

In the MS security bulletin, it say that Windows XP x64 does not need the MS10-040 (KB982666) update, and

http://technet.microsoft.com/en-us/security/Bulletin/MS10-040

[1]This operating system [Windows 2003/Vista/2008] is only affected when Extended Protection for Authentication has been installed.

Also KB2478953 is unnecessary because Active Directory Application Mode (ADAM) is not part of the standard installation of Windows XP x64.

Edited by Explorer09

Share this post


Link to post
Share on other sites
Guest   
Guest

The affected component described in KB982666 is Internet Information Services 6, which is included in the x64 versions of both WinXP and Win2003. If you check the Applies To section of KB973917 you'll see that "Extended Protection for Authentication in Internet Information Services (IIS)" does apply to Windows XP x64, which strongly suggests that KB982666 should apply as well. KB982666 installs in Windows XP x64. It's better to be safe than sorry.

KB2478953 still applies to Windows XP x64 and directly replaces NetLogon.dll and wNetLogon.dll in the source. ADAM need not be present to slipstream with nLite. When slipstreamed it's one less update that needs to be installed later if the machine needs access to a network where Active Directory is in use.

Share this post


Link to post
Share on other sites
Kurt_Aust    6

5eraph: You've got to admit, the KB955417 note accurately describes what in fact is fixed and is less obscure about it than most such notes.

Explorer09: Yes I did read the description on KB982666 and KB2478953 when they first came out which is why they weren't included at that time. As you might note they are now included only as optional updates, as indicated by the green description note.

Share this post


Link to post
Share on other sites
Explorer09    4

Explorer09: Yes I did read the description on KB982666 and KB2478953 when they first came out which is why they weren't included at that time. As you might note they are now included only as optional updates, as indicated by the green description note.

Yes, I see. But my problem is that neither of these updates have been offered to me by Windows Update, and MS has clearly said that Windows XP x64 is not affected.

I think you would better write a footnote about the reason why you include them. Something like this:

"Although Windows XP x64 is not affected by the vulnerability described in MS10-040 and MS11-005, these two updates patch some Windows XP x64 files and provides optional extended protection."

By the way, KB982666 replaces KB973917, and KB973917 replaces KB970430. So would you also remove KB970430 from the list?

Edited by Explorer09

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×