[Bilou_Gateux]

Current Hotfixes Windows 2000 Professional / Server List by GreenMachine
Last update date and list of changes
posted 19 September 2004
updated 28 September 2004
updated 7 November 2004
updated 9 November 2004
DEL Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 (KB828026)
ADD 832353 FIX: Some URL script commands do not work after you apply the Windows Media update from Knowledge Base article 828026
DEL Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
841356 updates both shell32.dll & sp3res.dll with newer versions

Credits to urgan for these suggestions and changes

[BaTLeZone]

Bilou_Gateux, on Oct 29 2004, 03:52 PM, said:

@BatTLeZone

Can you run DXDIAG.EXE the first time you boot your fresh 2K install.

I get an error popup windows :
FRA : dxdiag.exe - point d'entrée introuvable
ENU : dxdiag.exe - Entry Point not Found

Quote

FRA : Le point d'entrée de procédure DdEntry1 est introuvable dans la bibliothèque de liaisons dynamique GDI32.DLL
ENU : The procedure entry point DdEntry1 could not be located in the dynamic link library GDI32.dll.

I would like to know if you get this error ?

Found the solution by googling
The procedure entry point DdEntry1 could not be located in the dynamic link library GDI32.dll.

Extract d3d8thk.w2k from dxnt.cab and copy to %windir%\system32
Then delete d3d8thk.dll from the c:/winnt/system32 folder.
Then rename the d3d8thk.w2k to d3d8thk.dll

Developpers @ M$ are unable to write patching routines that works...

Sorry I have been busy and not have been here much. I'll give it a try on next install and let u know.


I thought I would try out the XPCTHLST.TXT list u made with my 2000server for yucks but I keep getting this error and I do have SP4 install already.

-- 14:45:07 --> Looking for CD Source.
-- 14:45:07 --> Found local Boot Image.
-- 14:45:07 --> Setting up Run-Time Variables.
-- 14:45:07 --> Listing Hotfixes and Updates.
-- 14:45:08 --> Removing Previous Creation Directories.
-- 14:45:08 --> Removing TEMP Files.
-- 14:45:08 --> Creating TEMP directories.
-- 14:45:08 --> Determine Source Version.
-- 14:45:08 --> Found Source Version: 2KA
-- 14:45:08 --> Found Minor Version: 0
-- 14:45:08 --> Found Service Pack Version: 4
-- 14:45:08 --> Found Language Version: ENU
-- 14:45:08 --> Found Localization Version: English
-- 14:45:08 --> Hotfix Directory used: SP5
-- 14:45:08 --> Downloading Hotfix List.
-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT
-- 14:45:12 --> Source not up to date. Need Service Pack.
-- 14:45:12 --> Cannot find SP .
-- 14:45:12 --> Downloading Service Pack.
Error: "Download Error on Service Pack."
Press Enter to Exit.


What am I doing wrong??

[Bilou_Gateux]

Quote

-- 14:45:07 --> Looking for CD Source.
-- 14:45:07 --> Found local Boot Image.
-- 14:45:07 --> Setting up Run-Time Variables.
-- 14:45:07 --> Listing Hotfixes and Updates.
-- 14:45:08 --> Removing Previous Creation Directories.
-- 14:45:08 --> Removing TEMP Files.
-- 14:45:08 --> Creating TEMP directories.
-- 14:45:08 --> Determine Source Version.
-- 14:45:08 --> Found Source Version: 2KA
-- 14:45:08 --> Found Minor Version: 0
-- 14:45:08 --> Found Service Pack Version: 4
-- 14:45:08 --> Found Language Version: ENU
-- 14:45:08 --> Found Localization Version: English
-- 14:45:08 --> Hotfix Directory used: SP5
-- 14:45:08 --> Downloading Hotfix List.
-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT
-- 14:45:12 --> Source not up to date. Need Service Pack.
-- 14:45:12 --> Cannot find SP .
-- 14:45:12 --> Downloading Service Pack.
Error: "Download Error on Service Pack."
Press Enter to Exit.

Examining the log, i can says that the FINDVERSION routine of XPCREATE run without problem. SP4 is slipstreamed to your 2K source and value SP5 is assigned to variable.
Something strange in CHECKAUTO routine of XPCREATE, the path for downloading hotfix list looks like Download_url/sourcever/winlang/XPCTHLST.TXT
Yours is strange ?

[BaTLeZone]

yup everything is ok there. It worked with the one d/l from the net but it will not run using the local list.

-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT

i changed this to:

DLURL=UPDATE.TXT

so i can use the local list. is this wrong?

[Bilou_Gateux]

I don't find the post where another user give the solution to use local XPCTHLST.TXT file.
In XPCREATE.INI the variable DLURL= should be set to something like file:///C|/HFLISTS
but wget don't like this kind of URL...

File URLs

[BaTLeZone]

Cool.....

but it did not work all it does is open the file. when i close it xpc then con't and skips over the d/l section.

Oh well don't worry about it maybe greenmachine will add an option to the next ver of xpcreate so one can use a local list. (hint hint)

[urgan]

Bilou_Gateux, on Nov 9 2004, 02:05 PM, said:

I have downloaded the french "Windows Script 5.6 for Windows 2000 and XP" scriptfr.exe version 5.6.0.8825 date published 9/18/2004.

Hi Bilou_Gateux,

I feel a bit stupid, I somehow saw 5.6.0.6626 yesterday (maybe I had too many properties windows opened, or unpacked the wrong update).
So do you think it's a good replacement then ?
I know it sure makes sense, that's why brought the question earlier in this thread.

I've Built a CD (by hand, not XPCreated) and it worked. no issues on hfnetchk, no critical updates in windowsupdate. Got two IE icons in quick launch bar, though.

@GM
Anything changed in IE packer, I mean should I drop IEGO.EXE as I think it runned twice ?
If everything is working now, couldn't you do a sticky with this list of updates, svcpack, etc. At least untill you updates you site ?

Great work, Bilou_Gateux (sorry i was calling you Bilou).

I only want to solve the problem with 841356 without modifing the SP4 slipstreamed I386 source now. I was thinking, how about adding "d1=\I386\SVCPACK", putting correct "SHLWAPI.DL_" there, it should work ?

[Bilou_Gateux]

@urgan
My last build includes "Windows Script 5.6 for Windows 2000 and XP" scriptfr.exe version 5.6.0.8825 and i have deleted "JScript 5.6 Security Patch for Windows 2000 and XP (814078)" js56nfr.exe in SVC-HF2 folder.

no critical updates in windowsupdate after installation on my test box.

GreenMachine

Quote

@urgan: I have not tried that update, but as you can see, I have no JScript issues. I'll add it to my To Do list to look into it. THanks for pointing it out.

Until GM make his own check, i will wait before editing XPCTHLST.TXT HotFixes List but it's a good replacement.
I should also ADD the last "Cumulative Security Update for Internet Explorer (834707)" or better "873377 An update rollup is available for Internet Explorer 6 Service Pack 1" to the list but maybe should i wait the release of the new XPCreate version.

[GreenMachine]

Or just Loubi, in verl'en!

I haven't forgotten this thread, just quite busy. You seem to be doing fine without me!

[Bilou_Gateux]

About 818043 update, I've noticed that it's not necessary to slipstream the 56BIT subfolder and add this line to DOSNET.INF :
d1,56BIT\ipsec.sys

There are severe restrictions on the export of "strong" cryptography.
the strength of the authentication (e.g. 128 bits) is reduced to that of encryption
(e.g., 56 bits) for particular countries.

818043\ipsec.sys IPSEC Driver (US/Canada Only, Not for Export)
818043\56BIT\ipsec.sys IPSEC Driver (Export Version)

Copy and paste content of file below to %PREPDIR%_818043.cmd and launch it:
_818043.txt

[Bilou_Gateux]

removed

[GreenMachine]

Thanks again, BG!

[Bilou_Gateux]

New release by M$ KB889293 IE6 Cumulative Update

[johnny44]

About KB889293:

[QUOTE]This update may not include hotfixes that have been released since the release of MS04-004 or MS04-038. Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-038 should not install this update. Instead customers should deploy update 889669.


I'll try and look into KB889669 to see what other updates it replaces. The knowledgebase refers to KB871248 and KB888092 which we already don't install.

Here's the list of file it replaces:

[CODE]Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP (32-bit):

Name Date (UTC) Time (UTC) Version Size
browseui.dll 12-Nov-2004 02:50 6.0.2800.1607 1,017,856
inseng.dll 24-Sep-2004 21:07 6.0.2800.1475 69,632
mshtml.dll 25-Oct-2004 17:40 6.0.2800.1480 2,697,216
shdocvw.dll 24-Nov-2004 00:49 6.0.2800.1611 1,387,520
shlwapi.dll 12-Nov-2004 04:33 6.0.2800.1605 402,432
urlmon.dll 26-Oct-2004 17:52 6.0.2800.1480 451,584
wininet.dll 25-Oct-2004 17:40 6.0.2800.1480 577,024

Just let us know when someone finds out.

[johnny44]

Didn't try the patch with XPCREATE yet, but installed it on my PC and I couldn't open a new window in IE. I tried shift+click and "open in new window" from the right-click menu and each time the actual window would freeze and the new window would never open. tried registering all the DLL's and no luck.

After uninstalling it, everything came back to normal.

[Bilou_Gateux]

MS04-040: Cumulative Security Update for Internet Explorer (889293)
An update rollup is available for Internet Explorer 6 SP1 (889669)

[BaTLeZone]

Looks like IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU.exe would go in to SVC-HF1.

[Bilou_Gateux]

SVC-HF1: Yes, but using the corporate version KB889669 with these switches: /Q /U /O /N /Z

Quote

Update rollup 889669 includes the cumulative security fixes that are in security update 889293. Update rollup 889669 also includes Internet Explorer 6 SP1 hotfixes that were released after Microsoft Security Bulletin MS04-004.

But we should remove the ones it replaces... KB873377

Quote

An update rollup is available for Microsoft Internet Explorer 6 SP1 (Version 6.00.2800.1106). Update rollup 873377 includes security update 834707 (MS04-038) and Internet Explorer 6 SP1 hotfixes that were created after security update MS04-004.

going to install this hotfix on my running box and come back in 5 minutes if all goes right

Five minutes later: still alive and no small WindowsUpdate icon on system tray
Checks http://windowsupdate.microsoft.com: no critical updates !

Time to build a new 2KCreateCD

This post has been edited by Bilou_Gateux: 21 January 2005 - 08:59 AM

[Strong Bad]

I found this update valuable: KB883114
"STOP 0x0000007B: INACCESSIBLE_BOOT_DEVICE" error message when you use a USB CD-ROM device to install Windows Server 2003 or Windows 2000

SYMPTOMS
When you use a universal serial bus (USB) CD-ROM device to install any of the products in the "Applies to" section of this article, and the BIOS is not enabled for integrated device electronics (IDE) CD-ROM devices, the computer may not start after you install the operating system. You may receive a Stop error message that is similar to the following, where the first parameter varies:

STOP: 0x0000007B (F967963c, c0000034, 0, 0)
INACCESSIBLE_BOOT_DEVICE

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information Windows 2000
Date Time Version Size File name
-----------------------------------------------------------
29-Jul-2004 19:48 5.0.2195.6961 74,192 Scsiport.sys

Download Link:
http://download.microsoft.com/download/b/8...114-x86-ENU.EXE

[Bilou_Gateux]

For More Information
Windows Security Updates Summary for December 2004

ADD SVC-HF1\Windows2000-KB<hotfix_nb>-x86-<language>.exe | MD5 Hash

Windows2000-KB885835-x86-ENU.EXE CACDB9399AB45B9B65ACB0E73D555C37
Windows2000-KB885836-x86-ENU.EXE 7C1157F5670D9FB98BF631F4D0178199
Windows2000-KB873339-x86-ENU.EXE 52B852B439DD55967CA47B3A59C586A1

@Strong Bad
Although it's not a Critical Update related to security and not reported by WindowsUpdate, it may be interesting to slipstream this file to the source CD.