Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Windows Updates

- - - - -

  • Please log in to reply
758 replies to this topic

#51
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
Thanks Martin. Your contributions are always welcomed. I'm glad that you're double checking this stuff, there are too many variations to test out. I think the active directory one you mention is way old. 926122 was superceded by 943484 which was superceded by 949014 which was superceded by 957280 (Oct 2008). I'm not sure why WU says it's needed. You do bring up a valid one with the 938127. I'll add i to the 2K/IE5 variant.
Posted Image


How to remove advertisement from MSFN

#52
Martin H

Martin H

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 802 posts
  • OS:none specified
Thanks alot, my friend :)

CU, Martin.

/* Moved to Linux - Thanks for a nice stay all! */
Posted Image


#53
pointertovoid

pointertovoid

    Advanced Member

  • Member
  • PipPipPip
  • 465 posts
Hello everybody! Happy new year to all.
I've been following this thread for some time and used HfSlip with pleasure.

In TommyP's list from January (updated 1/13/09 4:56 PM), I can still see KB951071 which I believe is obsolete. (Another forum member already noticed it in December). From my notes,

MS08-065 KB951071 replaces MS07-065 KB937894

Thanks to TommyP for his list, it really helps.
Bye!

Edited: I've just read "Another spammer" instead of "Another forum member" in my post. I certainly didn't mean spammer, and I'm quite sure I didn't write it. I fear my account is pirated.

Edited by pointertovoid, 16 January 2009 - 06:51 PM.


#54
pointertovoid

pointertovoid

    Advanced Member

  • Member
  • PipPipPip
  • 465 posts
KB955417 should be useful at least to French users of W2k-Xp-2k3...

You may enjoy (or regret) the explanation by Microsoft here:
http://support.micro...n...p;x=12&y=12

In short, if you install a W2k-Xp-2k3 in any language with the option "French-France" then you get a fixed "secret" key for your PStore, or "protected storage system". Yes, that's it: you have the very same key as the French interior minister has.

PStore is where, for instance, Outlook Express stores your secret key to access your mail account.
And many other programs do similar "secure" storages, it's there:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider
EFS, the file encryption by Ntfs (which should be avoided anyway for other reasons) as well stores the encryption key in PStore.

I find the explanation by Microsoft interesting to read, as
- Other countries had restrictive laws on cryptography in 1999. Did these allow a working PStore then? Or don't they allow a patch now?
- French law allowed cryptography with short keys (about 40 bits) then, if memory serves. It would have been easy to truncate the key to 40 bits instead of zero bit, to my feeling.
- And with 40 bits keys, Microsoft could have disclosed this restriction. With zero bit keys, all the user's interface gives the impression of a properly working PStore.
- French law changed in 1999 to allow 128 bits and shortly later to allow any key length without governmental approval.
W2k had an Sp1, Sp2, Sp3, Sp4, R1 and about 70 patches before KB955417 was issued in 2008.
Xp appeared 2 years after the 1999 law and had an Sp1, Sp2 and Sp3.
W2k3 appeared 4 years after 1999 and had an Sp1 and Sp2.
(As for Nt4, Microsoft doesn't issue any patch more, so it's everyone's guess whether the unique secret key impacted it or not)
- KB955417 is not published as a security bulletin, but rather as a kind of "function improvement" covered by Wga... Though, my feeling is that the unique key does impact security.
So may I express the shadow of my doubt whether Microsoft had all the necessary freedom to improve this weakness quickly?

Microsoft's proposal with KB955417 is that it recreates the account's PStores with a new, this time random, secret key, and transfers the contents of PStore. This sounds good, and gives us all reason to use KB955417 with confidence.

Another parry (can probably be combined with KB955417) to be considered would be, at least for new installations of W2k-Xp-2k3, to choose the "French-Switzerland" or "French-Canada" option (or any free country) when creating the administrator account and later any user account, and switch to "French-France" for normal use if this is of any advantage.

May I point out that, since any foreign governmental agency knows as much as the French do, such a weakness on nearly all computers in France may be fine for some French governmental agencies, but is not the country's best interest?

#55
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
Thanks for the clarification on that outdated hotifx. Unfortunately I will not include the french pstore issue with my list. I am trying to maintain a critical update list only, just as the_guy did.
Posted Image

#56
pointertovoid

pointertovoid

    Advanced Member

  • Member
  • PipPipPip
  • 465 posts
Hi TommyP and everybody!

What about MsXml2 and MsXml3:

I believe to understand from http://en.wikipedia.org/wiki/MSXML that Xml2.5 ships with W2k and comprises the file MsXml.dll (and MsXmlr.dll and MsXmla.dll, all without a number) and is replaced by Xml3 - could you confirm that no application can call Xml2.5 when Xml3 is installed? I'm not easy with Clsid.

This would be a different case from Xml3, 4, 6 which can and should coexist side-by-side.

In this case, my impression is that slipping Xml3, Xml4 and Xml6 with their latest Sp's makes W2k as up-to-date as possible, and that adding an Sp to Xml2 (as is proposed in TommyP's list) is less secure than adding Xml3. What's your opinion?

The downloadable installer for Xml2 seems to be redundant with the one brought by W2k, and less good since it's not translated.

For my own list, I don't check any more if an update is critical, as this takes me more time than noting all updates, and as Microsoft marks as uncritical some weakness that are critical to my eyes.

As for PStore: I believe KB955417 is an awful lot more critical than announced by Microsoft - but if you plan to set your Win on Dutch or Portuguese you don't have to care.

#57
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
It's not really my call what you want to slipstream. I can only suggest what files to put where to get a successful installation. In fact, I have other non-essential hotfixes that aren't listed in my hotfix list but are in my HF folder to take care of USB issues and driver specific issues. Anyway, if you want msxml, then just put those files where they need to go. If you don't want it, then don't put them there. If you intentionally omit a file, things may not work (as in the case with msxml).

I did a little comparison on this msxml updates.

Windows 2k SP4 ships with msxml.dll and msxmlr.dll versions 8.0.6730.0. This is updated via KB955069. This is on the upper part of the list.

Windows 2k SP4 does not ship with msxml3. However, if one installs IE6 OR the post SP4 rollup, you introduce MSXML3.dll and MSXML3R.dll to the system. The final version is in the post sp4 rollup.

Windows 2k does not ship with msxml2.dll. However, if one optionally chooses to slipstream other msxml types, they can, and this is in the optional section of the list. I extracted the files to see what was included and you will need both files in the HF directory because the XML-SP does not include all the MSXML files needed.
msxml3.msi - msxml2.dll msxml2a.dll and msxml2r.dll versions 8.30.9530.0
msxml2sp6-kb887606 - msxml2.dll version 8.30.9531.0 but does not include the required 2a and 2r files.
Posted Image

#58
pointertovoid

pointertovoid

    Advanced Member

  • Member
  • PipPipPip
  • 465 posts
Xml2 files from W2k don't always bear a "2", and that's confusing.

That is, the Msxml.dll v8.00.6730.0, Msxmla.dll and Msxmlr.dll that ship with W2ksp3 are Xml2.
I refer to Microsoft's list: http://support.microsoft.com/kb/269238
This is why I believe the Xml2 installer KB823490 is not needed.

Though, I didn't find in Microsoft's list KB269238 (linked above) a confirmation from Wiki's assessment, that installing Xml3 prevents applications from accessing Xml2. KB269238 says rather that MS06-61 defines a kill bit that prevents just Internet Explorer from using Xml2.6.

So I still ignore if updating Xml2 is still necessary after installing Xml3.

#59
pointertovoid

pointertovoid

    Advanced Member

  • Member
  • PipPipPip
  • 465 posts
I've just tried to install msxml2sp6-kb887606 on a working W2k sp4 r1 ie6.0sp1 Mdac2.8sp1 that already has up-to-date Xml3, Xml4 and Xml6.

It is true that msxml2sp6-kb887606 wants to have msxml2.msi added to W2k before msxml2sp6 can be installed.

Even more bizarre, both let W2k's Msxml.dll and Msxmlr.dll untouched - these are the old xml2 brought by Mdac and others.

msxml2.msi adds xml2 files called Msxml2.dll and Msxmlr2.dll (note the "2" in the name) and msxml2sp6 updates Msxml2.dll.

Now, considering that
- Xml3 is supposed to replace Xml2 and take over all calls to Xml2
- Xml2 isn't maintained any more by Microsoft (since 2004 !)
- But all these dll do have exposed entry points that a virus could - might - perhaps call
- And neither msxml2.msi nor msxml2sp6 suppresses the older dll but add more unmaintained dll,

I consider that adding msxml2.msi and msxml2sp6 brings no functionality but makes W2k weaker instead of stronger, and won't use them unless someone has other arguments in their favour.

Has somebody tried to suppress Msxml.dll and Msxmlr.dll from W2k as well? As they aren't used by honest software any more, Win would be stronger without them. Wouldn't it?

#60
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
pointertovoid - Please keep this thread for corrections to the WU list. If you wish to have msxml discussions, please begin a new thread. Thanks.
Posted Image

#61
bfc_xxx

bfc_xxx

    Member

  • Member
  • PipPip
  • 158 posts
KB951748 is removed from hfslip list but it keeps showing on WU. Why?

#62
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
bfc - There's 3 or 4 messages in this thread that address this. My initial hotfix list included this. There was messages that said that it wasn't needed (or at least WU and the MSBLA didn't say it was needed). So, I removed it. I have no problem adding it to the list again.

Can someone please verify that KB951748 is needed? (sorry I don't and won't use XP so I can't check).
Posted Image

#63
Ruu

Ruu

    Newbie

  • Member
  • 14 posts

bfc - There's 3 or 4 messages in this thread that address this. My initial hotfix list included this. There was messages that said that it wasn't needed (or at least WU and the MSBLA didn't say it was needed). So, I removed it. I have no problem adding it to the list again.

Can someone please verify that KB951748 is needed? (sorry I don't and won't use XP so I can't check).


I just did a fresh install about 4 days ago; KB951748 shows up in Windows Updates, so yes, I think it's needed.

#64
sabregreen

sabregreen

    Junior

  • Member
  • Pip
  • 94 posts
Correct, KB951748 is needed. I have verified this as well.

#65
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
Thanks for the feedback. I just emailed FDV the updated list.
Posted Image

#66
James_A

James_A

     

  • Member
  • PipPip
  • 153 posts

... There was messages that said that it wasn't needed (or at least WU and the MSBLA didn't say it was needed). So, I removed it. I have no problem adding it to the list again.

Can someone please verify that KB951748 is needed? (sorry I don't and won't use XP so I can't check).


The reason why WU and MBSA did not list KB951748 on XP SP3 systems was due to a mistake in detection by Microsoft -- they revised the security bulletin on January 13, 2009 and now state that this WU/MBSA detection error has been corrected.

.

#67
turdflinger

turdflinger

    Newbie

  • Member
  • 14 posts
Yea, that's what I was trying to say in this post http://www.msfn.org/...o...st&p=819917

951748 ... should probably be included in a slipstream process regardless of what WUA and MBSA 2.1 indicate (or don't indicate as the case may be).

I left it in my updates because http://www.microsoft...n/MS08-037.mspx didn't have any prior bulletins issued for XPsp3.

tf

#68
Shardis

Shardis
  • Member
  • 7 posts
Was checking the XP list and noticed couple items for the Optional section for accessing Windows Update.

I saw you did not have wuweb_site.cab listed at all (Windows Update ActiveX control) (http://update.micros.../wuweb_site.cab). Figured you might want to add it since you have the equivalent listed for Microsoft Update.

Also they apparently finally updated LegitCheckControl.cab to something closer to what is in WGA Notification. The current version of the cab is now 1.9.0009.0 version modified on January 7, 2009.

Edited by Shardis, 21 January 2009 - 05:43 AM.


#69
jimmsta

jimmsta

    computer janitor

  • Member
  • PipPipPip
  • 386 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag
KB955704 has been released for XP SP2 and SP3, and adds exFAT support to the filesystem.
Creator and Maintainer of BootZilla.org

#70
wela

wela

    Member

  • Member
  • PipPip
  • 132 posts
@ shardis
:hello:
Do u have a link to new Legitcheckcontroll.cab???

#71
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
jimmsta - The update hotfix list is for critical updates, not miscellaneous ones. I won't add exfat support to the list.

wela - Please visit the update list to get the Jan 7, 2009 version. If there is a later one, please advise with a hyperlink. :)
Posted Image

#72
krose

krose

    Junior

  • Member
  • Pip
  • 78 posts
  • OS:Windows 7 x64
  • Country: Country Flag
There is another ActiveX killbits update KB960715 that is not listed on the Feb. security bulletin. It shows up in WU for 2K and XP. It is cumulative and replaces KB956391.

Edit: Works with the last HFSLIP beta 01/07/09

Edited by krose, 11 February 2009 - 04:15 PM.


#73
tommyp

tommyp

    MSFN Addict

  • Developer
  • 1,680 posts
  • OS:none specified
  • Country: Country Flag
Thanks krose. :hello:
Posted Image

#74
willydejoe1234

willydejoe1234

    Junior

  • Member
  • Pip
  • 62 posts
Yes .. perfect work in last beta (KB960715)..check and confirmed

#75
Acheron

Acheron

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 988 posts
  • OS:XP Pro x86
  • Country: Country Flag
I'm using a slightly modified HFSLIP 1.7.9 revision D version and I'm amazed it's doing its job without any issues on even the newest hotfixes. I expected at least problems with KB952013, KB955704 or KB961118 but after testing in VMWARE I see every hotfix got installed properly.

I use OnePiece's hotfix list as a reference for creating a Dutch XP SP3 CD. I now have a total number of 145 non-superseded hotfixes in the HF folder, and only one in HFSVCPACK_SW1 (KB955839 timezone update).

:thumbup

The only things I don't integrate currently are Windows Installer 4.5 and Windows Desktop Search 4.0. I don't care about Windows Desktop Search 4.0 but what's the status of Windows Installer 4.5 integrating support?
Say no to bloatware. Download Nero Lite!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN