
POSReady 2009 updates ported to Windows XP SP3 ENU


glnz

Thanks, heinoganda! I added the new Key and DWORD values. I couldn't really test it because my Bitdefender kept deleting the files and I didn't really want to disable that for testing. Thanks again for helping keep our XP machines humming along!



On the one hand, access rights to RDP are restricted with KB982316 and on the other hand, EsteemAudit can no longer rely on the vulnerability in the gpkrsrc.dll file (resources for Gemplus cryptographic service providers) through the entry in the registry (Group Policy). In the end, the vulnerability in the file gpkrsrc.dll (SmartCard) remains. Maybe the pressure will be increased by the corporations where Windows XP (including variants like POSReady 2009) and Server 2003 are still in use, so that a patch comes someday. :dubbio:

Incidentally, the test only works on Linux with wine.

:)

Edited by heinoganda

44 minutes ago, TuMaGoNx said:

BTW, XP marketshare is plummeted by FUD lol

No kidding! :wacko:      (Data obtained from www.netmarketshare.com, FTW. Lines calculated by Theil–Sen Method).

Post-EoS XP SP3.png


Do not believe any statistic you have not falsified yourself. :D The graphical presentation speaks for itself! :lol:
Apparently, a lot of money has been paid to marketshare, so that the statistics should convince the last XP users to move to Windows 10 (soon including patented censorship technology). :yes:

Recent discovery: the earth is now flat!

:)


dencorso and heinoganda - how many people have looked at this thread, including those who just look and don't post?  And how has that number changed over time?  Do those numbers track the chart above?

Are we ten or so the last people with XP?


On 10/31/2016 at 11:52 AM, dencorso said:

Woody referenced in his blog a .pdf document from Feb 2015 by MS that actually says:

Now, if the whole Windows marketshare on Feb 2015 was 1.5×10^9 machines, and it was about 90% of the whole market in 2015, the full market was 1.7×10^9 machines back then. And since those numbers surely didn't change much since then, my estimate that full PC universe comprises some 2 billion machines is generally correct... and that means about 200 million is really the total number of XP users at present. Wow! :yes:

The last time I've estimated the size of the full PC universe, as you can see in the quotation above, I came to 2 billion machines. Let's assume it didn't grow any, just for the sake of simplicity, and that means 5.66% of 2×10^9 = 113×10^6 machines or, in other words, there's still a minimum of about 100 million XP users today, not counting the true POSReady and related machines, which purportedly don't browse the web, so that they don't get counted by netmarketshare. :yes:
So no, not at all, we're still very far from being the last half-a-score of XP users in the world!!! :w00t:


Hm, heinoganda and other members of the crew, :) what do you think about mitigation of EsteemAudit vulnerability proposed in comment section of page: https://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/ by commenter Jean-Claude Dusse:

Quote

While disabling smartcard logon altogether is still an appreciable reduction in attack surface, a more accurate mitigation would be to only unregister the Gemplus Cryptographic Service Provider (the gpkcsp.dll) by deleting the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0

This will leave smartcard logon available on systems that need it while disabling the vulnerable dll. Only those using a Gemplus/Gemalto card would suffer from the loss.

Also: by default, smartcard logon is only enabled on Windows hosts joined to an Active Directory domain. Standalone/workgroup computers are not exposed to this vulnerability. Windows’ PKI management makes enabling smartcard logon on computers outside of an Active Directory domain a challenging feat (if at all possible).

Interesting solution, and he too claims that Windows XP computers that are not part of a domain are practically not exposed to the exploit.

Edited by niko32

Frankly, I do not panic, especially since I have a firewall installed on the computers, where generally only the RDP ports for the local network pass. As I wrote in a previous comment, the restriction of the authorization for RDP by KB982316 and on the other hand the deactivation of the possibility of a registration by SmartCard are sufficient to stop EsteemAudit. :yes: The actual vulnerability with SmartCard is not solved because a patch is needed by MS. :( (Apparently, the NSA needs this backdoor for other dirty tricks.)
A test with the Esteemaudit metasploit showed me that the countermeasures work. :cool: In short, there will never be a 100% secure Windows!

:)


I agree with your conclusion.

But what I wrote before is that there is apparently another, more precise way to deal with the EsteemAudit exploit. Anyway, it's good that even if Microsoft doesn't care, users around the world can find solutions to various vulnerabilities. :)


On 6/2/2017 at 9:56 PM, glnz said:

So is all good with this new KB4018556?  Mathwiz - you OK?

V2 of the fix is working fine for me. But then, I'm not sure the original KB4018556 was causing problems. I did have some trouble shutting down and starting back up once or twice after installing it, but after that it seemed to work OK.

On 6/3/2017 at 8:28 AM, glnz said:

Mathwiz and heinoganda -

For those of us with typical XP machines at home or small offices - workgroup, not domain - do we need to worry about EsteemAudit?  Heinoganda - your researchcenter article has a comment at bottom that non-domain PCs need not worry.

My system32 folder has these files:  scardsvr.exe, scarddlg.dll, scardssp.dll and winscard.dll.    In services.msc, my Smart Card service is set to "Manual".  In regedit, the key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] has nothing in it - no entries at all.  In Accessories, Control Panel and Open Network Connections, I have not found anything related to Smart Cards.

Thanks.

PS - you both OK after installing the new KB4018556 ?

My understanding is, EsteemAudit requires access to the RDP port (TCP port 3389) of your system, so if that's blocked by your router or firewall you're probably OK even if you haven't disabled Smart Card authentication.

The other way EsteemAudit could be used is if one system in your network became infected some other way, then used EsteemAudit to spread to the XP systems in your network. But that's probably not much risk to home or small office users.

Edit: Also, if niko32 is right (and he probably is) you'd have to do some extra work just to enable the vulnerability on a non-domain-connected machine. So you probably don't need to do anything, although it wouldn't hurt to disable Smart Cards anyway.

Businesses running XP or (real) POSReady '09 domain-connected systems are probably the ones most vulnerable.

Edit 2: We may be the ten or so XP users who know how to keep their systems updated. :o

Edited by Mathwiz

I am somewhat unhappy with the current installation of SP4 that I am using. And I am unable to verify the update status. Typing often is very sluggish and I want to make a new installation. What may or will happen if I remove Sp4 from the installation? At present I have a dual boot setup: XPSp4 or Win7 on each their own partition of a SSD drive. In addition to the SSD, I have a 200GB disk with several partitions. If I install a plain XPSp3 on one of the partitions, what exactly do I have to do in order to make it POS Ready updateable? I keep the machine running 24/7 so there are no reasons for attempting a fast boot process. I think complete instructions are available somewhere upthread.

I don't know what will happen with the boot order setup when I have installed XP again on another of the hard disk volumes, but am I correct in assuming that I can always install a new system on any of the partitions without disrupting the installation on the other volumes on the same disk? I presume I always may modify the active boot.ini file to suit my preferences.

I also expect to be able to install what's required for POS Ready to the registry. I just rounded 87 and I am not quite the man I used to be. Maybe it is time to buy a Win10 machine and forget all about the good old days? There's only one reason why I have computers: I only want to use them, that's all. I leave all the rest to you guys. And MusicMatch Jukebox is what necessitates my use of XP. AFAIK, there is no other way it can be done?

Edited by Roffen

On 6/11/2017 at 7:31 AM, Roffen said:

If I install a plain XPSp3 on one of the partitions, what exactly do I have to do in order to make it POS Ready updateable?

To the best of my knowledge, all you need to do is:

  1. Install MSI 4.5 (KB942288)
  2. Add the registry key:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
    "Installed"=dword:00000001

    And that's it! You should then get PosReady '09 updates.

Be aware that if you have any M$ Office products installed, the update scan process will be extremely slow and will take up most of your CPU.
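
An added example, not part of the original thread: a check that reads a `regedit` export and reports whether the POSReady flag from the post above is set and whether the Gemplus CSP key from the mitigation quoted earlier in the thread is still registered. The sample export is constructed, and the function names are this example's own.

```python
import re

# Key paths exactly as quoted in the thread.
GEMPLUS_CSP = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography"
               r"\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0")
POSREADY = r"HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady"

def decode_reg(raw):
    """'Version 5.00' exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex: continuation lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-KEY]" in a .reg file deletes the key; it is not a present key.
            current = None if name.startswith("-") else keys.setdefault(name.lower(), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                current[m.group(1).strip('"').lower()] = m.group(2)
    return keys

def audit(keys):
    csp = GEMPLUS_CSP.lower()
    flag = keys.get(POSREADY.lower(), {}).get("installed", "")
    return {
        # True: the provider is still registered (quoted mitigation not applied).
        "gemplus_csp_registered": any(k == csp or k.startswith(csp + "\\") for k in keys),
        "posready_flag_set": flag.lower() == "dword:00000001",
    }

# Constructed sample export (not taken from a real machine).
SAMPLE = b"\xff\xfe" + ("Windows Registry Editor Version 5.00\r\n\r\n"
                        "[" + GEMPLUS_CSP + "]\r\n"
                        "\"Image Path\"=\"gpkcsp.dll\"\r\n\r\n"
                        "[" + POSREADY + "]\r\n"
                        "\"Installed\"=dword:00000001\r\n").encode("utf-16-le")

if __name__ == "__main__":
    print(audit(parse_reg(decode_reg(SAMPLE))))
```

Run it against a file produced with regedit's File > Export by passing the file's bytes to `decode_reg`.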


Well, if you

-have the registry set up, as described in the first post.

-have the MSI 4.5 installed (and I think you've said you have)

-Have the updated Internet Explorer (and I remember you've been receiving the updates until they suddenly stopped working)

Then, well, that's all I ever did myself. The only thing I can recommend then is to go back to a system restore point prior to the problem (keep in mind that if the problem started long ago, this is rather bad advice).

I keep my XP updated, because I'm paranoid and it's used by my relatives, who are not geeky, so I want these security updates. However, for most people being hidden behind a well-configured router and following basic security rules (do not open suspicious e-mail and attachments, do not install untrusted things, use strong passwords etc.) should be enough to survive. Keep in mind that it's been more than 3 years since XP lost official support, and we have seen no big attack targeting XP users. WannaCry was a media issue, but this is a case when home networks shouldn't even be vulnerable.

So, if you backtrack all the possible failure points and still nothing helps, no updates are coming, don't rush for reinstallation or Windows 10. Many machines are running XP with no Unofficial service pack 4 and keeping fine :)


Direct links for this month's updates (POSReady, IE8, Silverlight, .NET Framework 4, Office 2003, Office 2007 compatibility pack)

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windowsxp-kb4022747-x86-embedded-enu_9ee3ca3c99988ec3a9cade2073f461b39706c82c.exe
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windowsxp-kb4022883-x86-embedded-enu_fc5d29b837a4b8876fbb2d345c1a25e1c4c6b9b9.exe
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windowsxp-kb4022884-x86-embedded-enu_78adb6630dc8c2ad5d9a248852979020b19c7160.exe
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windowsxp-kb4022887-x86-embedded-enu_b5a4361ab1cf65cb29356bdeeb80c46d23747676.exe
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/06/windowsxp-kb4024323-x86-embedded-enu_42d69f9c232fb86657c938a507388bcdf5043483.exe
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/06/windowsxp-kb4024402-x86-embedded-enu_ca8745be09eab744fc44b682d62ea23bfaae06e0.exe
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/06/windowsxp-kb4025218-x86-embedded-enu_be6f91dc331c23cbb6ce78f41a3c3976fa62f904.exe

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/ie8-windowsxp-kb4021558-x86-embedded-enu_fa4c622dda608c860e8ec94c39e96042015e2cd5.exe

http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2017/06/silverlight_e7478f9995ac6f9309034a85d78e1c61aba5a29f.exe

http://download.windowsupdate.com/c/csa/csa/secu/2017/05/NDP40-KB4021915-x86_E520B6B35C1E6461D73ACE5C130AB7BA077296A6.exe

http://download.microsoft.com/download/F/3/5/F351D713-2D9D-4214-A5DA-58AE33C72B38/office2003-KB3203427-FullFile-ENU.exe
http://download.microsoft.com/download/A/F/9/AF95E48C-1639-4305-B1B2-34681E67526A/office2003-KB3203484-FullFile-ENU.exe

http://download.microsoft.com/download/1/8/E/18EEAAA8-3ADF-45D2-96CE-1DABBF06CB34/pptconv2007-kb3127894-fullfile-x86-glb.exe
http://download.microsoft.com/download/1/6/6/16674E24-4623-4900-9F34-505E48DBDBCF/ogl2007-kb3191828-fullfile-x86-glb.exe
http://download.microsoft.com/download/8/3/E/83E4D7BF-7602-4DC4-9322-AE2C894312F2/mso2007-kb3203436-fullfile-x86-glb.exe
http://download.microsoft.com/download/5/F/5/5F571F92-CCFF-4174-9A11-04AE33D681AB/wordconv2007-kb3203438-fullfile-x86-glb.exe
Edited by Bersaglio
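
An added example, not part of the original post: the `download.windowsupdate.com` file names above end in a 40-hex-digit suffix, which is the SHA-1 of the file, so a download can be checked against its own URL. The `download.microsoft.com` links carry no such suffix, and the function names here are this example's own.

```python
import hashlib
import hmac
import re
import sys
from urllib.parse import urlsplit

# Files on download.windowsupdate.com end in "_<40 hex digits>.<ext>";
# that suffix is the SHA-1 of the file content.
_DIGEST_SUFFIX = re.compile(r"_([0-9A-Fa-f]{40})\.[A-Za-z0-9]+$")

def expected_sha1(url):
    """Return the SHA-1 embedded in the file name, lowercased, or None."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    m = _DIGEST_SUFFIX.search(name)
    return m.group(1).lower() if m else None

def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(url, path):
    """True/False when the URL carries a digest, None when there is nothing to compare."""
    want = expected_sha1(url)
    if want is None:
        return None
    return hmac.compare_digest(want, sha1_of(path))

if __name__ == "__main__":
    # usage: python verify_update.py <url> <downloaded file>
    result = verify(sys.argv[1], sys.argv[2])
    print({True: "OK", False: "MISMATCH", None: "no digest in URL"}[result])
    sys.exit(0 if result else 1)
```

The links are plain HTTP, so a match only shows the file agrees with the URL you were given; the installer's Authenticode signature (file Properties > Digital Signatures) is the stronger check.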

Regarding EsteemAudit, MS has released a security update (KB4022747, gpkcsp.dll) for the corresponding SmartCard component!

Info:
https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003
(The download links on this website do not work)

Related Downloads:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4022747

:)

Edited by heinoganda