POSReady 2009 updates ported to Windows XP SP3 ENU

[dencorso]

For those having trouble with winlogon, and anyone wishing to use the latest version of it, there is WindowsXP-KB2878379-v2-x86-ENU.exe, which was not pushed via WU/MU, athough it's rather old. I've been using it since March 2014, with no adverse effects. It may or may not solve the described issue, but it won't hurt to try, right? It installs winlogon.exe, licdll.dll and dpcdll.dll, all three v. 5.1.2600.6443. It's digitally signed by MS on Fri, Sep 06, 2013 (4 years old, as I said) and exists in many or maybe all language versions.

[heinoganda]

POSReady 2009 KB4018556 no longer available via WSUS catalog! 
KB4018556 seems occasionally to cause problems, appears to have been withdrawn for now.
In the context of KB4018556 there seems to be problems with Server 2003 (Technet Forum).
 

Time zone update available. (Morocco Ramadan DST changes)

WindowsXP-KB4023136-x86-ENU.exe                 18.05.2017

Edited May 21, 2017 by heinoganda
More recent info

[Dave-H]

Just as a matter of interest for those who may not know about it, there is a utility available here which will download from Windows Update or Microsoft Update for you, including saving the files for use offline. It's mainly useful in Windows 10, where it is otherwise impossible to see optional updates for some stupid reason, but it works in all Windows versions from 2000 onwards.
It does replace the IE8 interface, but unfortunately still uses the normal update mechanism, so won't get around the extremely slow scanning problem!
There are x86 and x64 versions in the package, but no documentation. It's pretty obvious how to use it though, and there is more information here.

 

[SD73]

Nice too, Dave.  Thanks for posting!

[FranceBB]

Cyber-security firm enSilo has released a patch for Windows XP and Windows Server 2003 that will protect against attacks via ESTEEMAUDIT, a hacking tool developed by the NSA. It can be used to get into computers with open RDP ports, or for moving laterally inside a network that features PCs with open RDP connections. The website "bleeping computer" says that Microsoft has not provided security updates to protect against this threat 'cause it only works on Windows XP and Server 2003, but how about POSReady? Maybe Microsoft didn't release a patch because this threat has been developed by the NSA? Do you think it's safe to install this patch: http://pages.ensilo.com/download-the-patch-for-esteemaudit-exploit

Edited May 26, 2017 by FranceBB

[Dave-H]

Well I'm certainly not going to be the first to try it!

Someone with a non-critical installation that can be used for testing and doesn't matter if it gets hosed I hope will try it and report back.

 

[Mathwiz]

Hmm.... I was willing to take a chance, but the web page for the download wouldn't work with Firefox 52.1.2, or IE 8. Had to use IE 11 on a Win 7 machine just to get the Web page to work. I guess if you really are running XP or 2003 you're screwed (unless the page works with Chrome 49).

Then they ask for first & last name, COMPANY name, JOB TITLE, BUSINESS email, phone number, country, and (if you select US) state. Seems it's not available to individual XP users! Yet the Terms & Conditions state you get a "personal" license to use the patch.

Still trying to decide whether to take the plunge on this one.

[Bersaglio]

Do not install this unofficial patch! Use official update from Microsoft (if it isn't already installled in Your system):

http://download.microsoft.com/download/A/F/5/AF53BEA0-61B7-4551-AAD2-1232A0117BDA/WindowsXP-KB982316-x86-ENU.exe

[FranceBB]

2 hours ago, Bersaglio said:

Do not install this unofficial patch! Use official update from Microsoft (if it isn't already installled in Your system):

http://download.microsoft.com/download/A/F/5/AF53BEA0-61B7-4551-AAD2-1232A0117BDA/WindowsXP-KB982316-x86-ENU.exe

Oh, ok. So Microsoft did release a patch. (I guess the website was wrong, then). Thank you!

[dencorso]

To be precise, MS re-released a patch: as you can easily guess by its number, KB982316 is, in fact, old news.
OTOH, it's much better to have too much information (if there actually is such a thing as "too much information"), than to have too little of it.
Thanks for calling my attention to enSilo... I hadn't heard about them before.

[heinoganda]

I have the fun allowed to update a freshly installed Windows XP sp3 (German language edition) via Windows updates. Well, KB982316 was not to be found, although this security update is from Aug 09, 2010!

Because I create for my use update rollups (KB982316 available) and a corresponding list I was also able to find. This security update has been around for almost 7 years. This patch has never been replaced by a more recent patch. Here Microsoft should give a answer! Am appalled! 

[Mathwiz]

Not so fast. That's an old patch from 2010. M$ just re-released it; that's all. Also, it doesn't appear related to the RDP vulnerability ostensibly closed by the 3rd-party patch.

M$ has updated the MSRT, though: https://www.askwoody.com/2017/the-new-xp-patch-kb-982316-is-a-dud-but-the-new-msrt-is-for-real/

Edited May 27, 2017 by Mathwiz

[heinoganda]

Please read again exactly my comment, I am about the question why the security update KB982316 is no longer distributed via Automatic Updates or WU / MU with IE? In all appearances, a gap was deliberately left open!
Will start another try with the English edition of Windows XP sp3.

Update:
Same result, no KB982316 was installed.

Search result of Windows Update as .pdf and .xps format.
Download here

In any case, very strange.

Edited May 27, 2017 by heinoganda

[Mathwiz]

I don't know if it helps, but here's what M$ has to say about KB982316 (along with download links for XP, Server 2003, Vista, and Server 2008): https://support.microsoft.com/en-us/help/982316/an-update-is-available-for-the-windows-telephony-application-programming-interface-tapi

Quote

This update implements a defense-in-depth change that some customers may decide to deploy.

That probably explains why it isn't being pushed via Windows Update: it doesn't patch a specific, known vulnerability; instead it adds some extra protection to an uncommonly used Windows feature:

Quote

This update changes the Access Control Lists (ACLs) for the following registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony

By default, Network Service (NS) users explicitly have full permission to this registry entry. After you install this update, NS users will have Read-Only access to this registry entry. The update will apply the same ACLs to all subkeys of the registry entry.

On 32-bit XP, the only file replaced is tapicust.dll. I've read through the linked page, and AFAICS this isn't related to any of the recently-exposed NSA exploits. I don't think it hurts anything to install it, but don't expect it to do a lot to protect your PC from malware.

I have no clue why they re-released it now, especially with no changes. It might have been re-released by accident, and that sounds to me like as good a guess as any.

Edited May 27, 2017 by Mathwiz

[niko32]

Hm, I dont' have that file tapicust.dll in my Windows XP. Do You guys have it?

It's only logical that I don't need it then, but I'm not entirely sure.