[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

A small update:

Superseded updates

- 979402 is superseded by 2378111 (Windows Media Player 9) (thanks tomasz86)

Other changes

- Updated the notes for 891861 (Update Rollup 1). If your computer has a multi-core or hyperthreading CPU, you’re advised to apply a registry fix, as explained in the KB919521 article.

[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

29 August 2011

Added: updates

- Added 901377 and 904765 (thanks tomasz86).

Other changes

- Updated the notes for the Internet Explorer 6 CABs IEW2K_4.CAB and WAB.CAB. Extra steps need to be taken to ensure that all IE6-related files are properly installed (thanks tomasz86).
- Updated the folder for 899591 and 829884 from HF to HFSVCPACK_SW1 (thanks tomasz86).
- Updated the folder for 817855 from HF to HFSVCPACK_SW2 (thanks tomasz86).

Removed

- Removed 819753 (replaced by 901377).

All changes can be found in the Changelog.

This post has been edited by bristols: 30 August 2011 - 07:50 AM

[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

A small update:

Added

- Added Adobe Flash Player SWFLASH.CAB, 25 August 2011 release (10.3.183.7) (thanks jvidal).

Removed

- Removed Adobe Flash Player SWFLASH.CAB, 9 August 2011 release (10.3.183.5).

[Mim0]

new updates for XP this month:

- KB2570947 (MS11-071)
- KB2616676 (update of Security Advisory 2607712, replaces KB2607712)
- and of course MSRT (v4.0)

List and file-checker will be updated as soon as possible [/font]

This post has been edited by Mim0: 14 September 2011 - 12:06 AM

[-X-]

I'm not so sure that KB2616676 replaces KB2607712.

I did a file comparison and while crypt32.dll was indeed updated to 5.131.2600.6149, when I looked at update_SP3QFE.inf there where discrepancies.





When reading the bulletin, I came across this...

Quote

Known issues

• We are investigating an issue with update 2616676 for all Windows XP-based and Windows Server 2003-based systems.
  
  The versions of update 2616676 for Windows XP and for Windows Server 2003 contain only the latest six digital certificates that are cross-signed by GTE and Entrust. These versions of the update do not contain the digital certificates that were included in update 2607712. Update 2616676 incorrectly precedes update 2607712. Therefore, if you install update 2616676 and have not already installed update 2607712, you will not be offered update 2607712 from Windows Update. You must manually install update 2607712.
  
  To install update 2607712, visit the following Microsoft website, and then select the download link that is appropriate for your system: http://support.micro....com/kb/2607712 (http://support.micro....com/kb/2607712) If you install update 2607712, and then you install update 2616676, your system will be protected against the vulnerability that is described in Security Bulletin 2607712 (http://technet.micro...dvisory/2607712) .
  
  Systems that are running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are not affected by this issue.
  
  We will issue an update to update 2616676 when testing is complete.
  
  Microsoft is researching this problem and will post more information in this article when the information becomes available.

Any thoughts?

This post has been edited by -X-: 16 September 2011 - 01:06 AM

[Mim0]

-X-, on 16 September 2011 - 01:05 AM, said:

I'm not so sure that KB2616676 replaces KB2607712.
...

thoughts?

Yes, I wrote this, because of this MSRC-Blog-Posting:

Quote

...
In an effort to protect customers, last week we released Security Advisory 2607712 along with a non-security update to add fraudulent DigiNotar certificates to the Windows Untrusted Certificate Store. Today, we are releasing another update (2616676), adding six additional DigiNotar root certificates that are cross-signed by Entrust and GTE, to the Untrusted Certificate Store. Update 2616676 supersedes 2607712 and contains the full list of certificates which are:[/font]

• DigiNotar Root CA
• DigiNotar Root CA G2
• DigiNotar PKIoverheid CA Overheid
• DigiNotar PKIoverheid CA Organisatie - G2
• DigiNotar PKIoverheid CA Overheid en Bedrijven
• DigiNotar Root CA Issued by Entrust (2 certificates)*
• DigiNotar Services 1024 CA Issued by Entrust*
• Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)*

...

But with the issue-description in KB2616676 it's better to use also 2607712.

-- EDIT
Link to MSRC-Blog added

This post has been edited by Mim0: 16 September 2011 - 03:21 AM

[-X-]

Silly MS!

So which is it? What's said in More on DigiNotar Certificates, and September Bulletins or KB2616676?

EDIT:

Oh wait. Read the bottom...

Quote

UPDATE: We have updated the Known Issues section of KB 2616676 to notify customers using Windows XP and Windows Server 2003 who downloaded update 2616676, that the update only contains the latest six digital certificates that are cross-signed by GTE and Entrust. These update versions do not also contain the digital certificates that were included in update 2607712. Customers who install update 2607712, and then install update 2616676, will be protected against the fraudulent certificates described in Security Advisory 2607712.

I guess you need both.

This post has been edited by -X-: 16 September 2011 - 02:28 AM

[Mim0]

-X-, on 16 September 2011 - 02:25 AM, said:

..

Quote

...We have updated the Known Issues section of KB 2616676 ...

...
I guess you need both.

Yes, that's also my thought when reading it...

Mim0, on 16 September 2011 - 01:46 AM, said:

...
But with the issue-description in KB2616676 it's better to use also 2607712.

[mukke]

it seems not slipstreaming both of them but rather install/get them manually (2607712 before 2616676) after the os is set up is easiest way to ensure all certification stuff is applied correctly until M$

Quote

issue an update to update 2616676

[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

18 September 2011

Added: updates

- Added 982214 v2 (thanks WildBill).
- Added 927779 v2 (for MDAC 2.81), 2510587 (for Windows Script 5.6), Script 5.8 (for Windows Script 5.8), 927489 (thanks tomasz86).
- Added 839264 (thanks tomasz86).

Other changes

- Updated the advice regarding the choice between Script updates.
- Updated the advice regarding MDAC updates.

Superseded updates

- 927779 (is superseded by 927779 v2).
- 971961 and 981350 (are superseded by 2510587).

Removed

- Removed 982214 (replaced by 982214 v2).

For all changes, please read the Changelog.

This post has been edited by bristols: 18 September 2011 - 06:40 PM

[PROBLEMCHYLD]

thanks

This post has been edited by PROBLEMCHYLD: 19 September 2011 - 04:33 AM

[-X-]

They re-released KB2616676. It now includes KB2607712 and KB2524375 updates. It's a v2 update.

http://technet.micro...dvisory/2607712

[-X-]

New Flash later today. http://blogs.adobe.c...ash-player.html

[Mim0]

new flash player: 10.3.183.10

offline installer: http://fpdownload.ad...h_player_ax.exe

SWFLASH.CAB und update-list will follow this evening...

[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

25 September 2011

Added: updates

- 927489 v2 (thanks tomasz86).
- 2616676 v2 (thanks tomasz86).
- Added Adobe Flash Player SWFLASH.CAB, 21 September 2011 release (10.3.183.10) (thanks jvidal).

Removed

- Removed 927489 (replaced by 927489 v2).
- Removed 2524375 (replaced by 2616676 v2).
- Removed Adobe Flash Player SWFLASH.CAB, 25 August 2011 release (10.3.183.7).

Changelog shows all recent changes.

[bristols]

Windows 2000 Post-SP4 Updates for HFSLIP

3 October 2011

Added: updates

- Added 954920 v2 (thanks tomasz86).
- Added 960071 v2 (thanks tomasz86).
- Added 2360937 v2 (thanks WildBill).

Removed

- Removed 2360937 (replaced by 2360937 v2).

Changelog shows all recent changes.

[-X-]

New Flash. Flash 11. Exact version: 11.0.1.152


http://fpdownload.ad...h_player_ax.exe still shows 10.3.183.10 as of this writing. I guess the major version change might have something to do with it and they either changed the URL or something. I'm hoping not.


EDIT: I found a download link at DSLReports.

http://fpdownload.adobe.com/get/flashplayer/pdc/11.0.1.152/install_flash_player_ax_32bit.exe

This post has been edited by -X-: 04 October 2011 - 04:58 AM

[Mim0]

-X-, on 04 October 2011 - 04:40 AM, said:

New Flash. Flash 11. Exact version: 11.0.1.152


http://fpdownload.ad...h_player_ax.exe still shows 10.3.183.10 as of this writing. ...

But the file Flash11c.ocx has the correct version inside.

There is a new file: ..\system32\FlashPlayerCPLApp.cpl which contains a control-panel-AddIn. With this AddIn you can do now modify flash-player-settings w/o being online.

As far as I remember right, HFSLIP should place this file automatically to system32. But I think a modification may be necessary to "activate" this AddIn. Or are all System32\*.cpl automatically integrated in the control-panel?

Maybe this has to be be added to the INF:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}]
"C:\\WINDOWS\\system32\\FlashPlayerCPLApp.cpl"=dword:0000000a

All downloads are possible here:
http://www.adobe.com...tribution3.html

[Maxfutur]

Mim0, on 04 October 2011 - 06:46 AM, said:

Maybe this has to be be added to the INF:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}]
"C:\\WINDOWS\\system32\\FlashPlayerCPLApp.cpl"=dword:0000000a

If this is true, i think is better to replace "WINDOWS" with "%Windir%" without the quotes.


Im outdated by now.

[tomasz86]

Yes, you shouldn't use "WINDOWS" as:

1. Some users may have different Windows folder's name.
2. It's "WINNT" for Windows 2000

This post has been edited by tomasz86: 08 October 2011 - 06:29 PM