Reading the news, it seems Microsoft issued an update for WinXP today.
http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html

But where do I get it and how?

On Sun, 14 May 2017 05:45:05 +0000 (UTC), Jonas S Schneider
> wrote:

> Reading the news, it seems Microsoft issued an update for WinXP today.
> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>
> But where do I get it and how?

I first went here:
https://www.microsoft.com/en-us/download/windows.aspx
But it said you can't get them there.

It sent me here instead, but it's basically a forum:
http://www.catalog.update.microsoft.com/Home.aspx

Then I ran a search for "windows xp update":
https://www.microsoft.com/en-us/search/result.aspx?q=windows+xp+update&form=MSHOME&search=
But the latest update is five years old.

Googling for how to update windows xp, I find this:
https://betanews.com/2016/06/03/update-windows-xp/
But it's just a shill for a missing-features app.

"Jonas S Schneider" > wrote in message
...
> Reading the news, it seems Microsoft issued an update for WinXP today.
> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>
> But where do I get it and how?

Here you go> down at the bottom of page.

Customer Guidance for WannaCrypt attacks - MSRC

gram

Jonas S Schneider wrote:
> On Sun, 14 May 2017 05:45:05 +0000 (UTC), Jonas S Schneider
> > wrote:
>
>> Reading the news, it seems Microsoft issued an update for WinXP today.
>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>
>>
>> But where do I get it and how?
>
> I first went here:
> https://www.microsoft.com/en-us/download/windows.aspx
> But it said you can't get them there.
>
> It sent me here instead, but it's basically a forum:
> http://www.catalog.update.microsoft.com/Home.aspx
>
> Then I ran a search for "windows xp update":
> https://www.microsoft.com/en-us/search/result.aspx?q=windows+xp+update&form=MSHOME&search=
>
> But the latest update is five years old.
>
> Googling for how to update windows xp, I find this:
> https://betanews.com/2016/06/03/update-windows-xp/
> But it's just a shill for a missing-features app.

The catalog server has a search box in the upper right corner.
When you type the KB number in there, it can find updates
for all the different OSes. Be careful to select the right one.

http://www.catalog.update.microsoft.com/search.aspx?q=4012598

Currently the server is throwing an error. Although I did manage
to get this patch yesterday.

windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
(681,200 bytes)

Paul

On Sun, 14 May 2017 04:09:08 -0400, Paul >
wrote:

>Jonas S Schneider wrote:
>> On Sun, 14 May 2017 05:45:05 +0000 (UTC), Jonas S Schneider
>> > wrote:
>>
>>> Reading the news, it seems Microsoft issued an update for WinXP today.
>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>>
>>>
>>> But where do I get it and how?
>>
>> I first went here:
>> https://www.microsoft.com/en-us/download/windows.aspx
>> But it said you can't get them there.
>>
>> It sent me here instead, but it's basically a forum:
>> http://www.catalog.update.microsoft.com/Home.aspx
>>
>> Then I ran a search for "windows xp update":
>> https://www.microsoft.com/en-us/search/result.aspx?q=windows+xp+update&form=MSHOME&search=
>>
>> But the latest update is five years old.
>>
>> Googling for how to update windows xp, I find this:
>> https://betanews.com/2016/06/03/update-windows-xp/
>> But it's just a shill for a missing-features app.
>
>The catalog server has a search box in the upper right corner.
>When you type the KB number in there, it can find updates
>for all the different OSes. Be careful to select the right one.
>
>http://www.catalog.update.microsoft.com/search.aspx?q=4012598
>
>Currently the server is throwing an error. Although I did manage
>to get this patch yesterday.
>
>windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>(681,200 bytes)

Curious, if you installed it, did you track what it alters ?
TIA
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow wrote:
> On Sun, 14 May 2017 04:09:08 -0400, Paul >
> wrote:
>
>> Jonas S Schneider wrote:
>>> On Sun, 14 May 2017 05:45:05 +0000 (UTC), Jonas S Schneider
>>> > wrote:
>>>
>>>> Reading the news, it seems Microsoft issued an update for WinXP today.
>>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>>>
>>>>
>>>> But where do I get it and how?
>>> I first went here:
>>> https://www.microsoft.com/en-us/download/windows.aspx
>>> But it said you can't get them there.
>>>
>>> It sent me here instead, but it's basically a forum:
>>> http://www.catalog.update.microsoft.com/Home.aspx
>>>
>>> Then I ran a search for "windows xp update":
>>> https://www.microsoft.com/en-us/search/result.aspx?q=windows+xp+update&form=MSHOME&search=
>>>
>>> But the latest update is five years old.
>>>
>>> Googling for how to update windows xp, I find this:
>>> https://betanews.com/2016/06/03/update-windows-xp/
>>> But it's just a shill for a missing-features app.
>> The catalog server has a search box in the upper right corner.
>> When you type the KB number in there, it can find updates
>> for all the different OSes. Be careful to select the right one.
>>
>> http://www.catalog.update.microsoft.com/search.aspx?q=4012598
>>
>> Currently the server is throwing an error. Although I did manage
>> to get this patch yesterday.
>>
>> windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>> (681,200 bytes)
>
> Curious, if you installed it, did you track what it alters ?
> TIA
> []'s

Actually, no, I didn't waste the time on it. I could
not use the WinXP as a client, to reach a file share
on Win10, so I removed the patch soon after install.

After the patch, Win10 can still reach WinXP, but WinXP
cannot reach Win10. I got NTLMSSP "status_needs_more_processing"
and WinXP claimed "service not started" when it tried to reach
the Win10 machine.

Maybe it'll work for you when you test it. The patch
can be removed, and after all the computers are reboot,
everything will be back to normal.

When all patched, the Win10 end still claims to be
supporting SMBv1 and SMBv2. Something else seems to be
screwed up during negotiation. I don't know enough
about SMB to tell you what that is. I just watched
for a couple minutes with Wireshark.

Paul

On Sun, 14 May 2017 05:58:57 -0400, Paul >
wrote:

>Shadow wrote:
>> On Sun, 14 May 2017 04:09:08 -0400, Paul >
>> wrote:
>>
>>> Jonas S Schneider wrote:
>>>> On Sun, 14 May 2017 05:45:05 +0000 (UTC), Jonas S Schneider
>>>> > wrote:
>>>>
>>>>> Reading the news, it seems Microsoft issued an update for WinXP today.
>>>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>>>>
>>>>>
>>>>> But where do I get it and how?
>>>> I first went here:
>>>> https://www.microsoft.com/en-us/download/windows.aspx
>>>> But it said you can't get them there.
>>>>
>>>> It sent me here instead, but it's basically a forum:
>>>> http://www.catalog.update.microsoft.com/Home.aspx
>>>>
>>>> Then I ran a search for "windows xp update":
>>>> https://www.microsoft.com/en-us/search/result.aspx?q=windows+xp+update&form=MSHOME&search=
>>>>
>>>> But the latest update is five years old.
>>>>
>>>> Googling for how to update windows xp, I find this:
>>>> https://betanews.com/2016/06/03/update-windows-xp/
>>>> But it's just a shill for a missing-features app.
>>> The catalog server has a search box in the upper right corner.
>>> When you type the KB number in there, it can find updates
>>> for all the different OSes. Be careful to select the right one.
>>>
>>> http://www.catalog.update.microsoft.com/search.aspx?q=4012598
>>>
>>> Currently the server is throwing an error. Although I did manage
>>> to get this patch yesterday.
>>>
>>> windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>>> (681,200 bytes)
>>
>> Curious, if you installed it, did you track what it alters ?
>> TIA
>> []'s
>
>Actually, no, I didn't waste the time on it. I could
>not use the WinXP as a client, to reach a file share
>on Win10, so I removed the patch soon after install.
>
>After the patch, Win10 can still reach WinXP, but WinXP
>cannot reach Win10. I got NTLMSSP "status_needs_more_processing"
>and WinXP claimed "service not started" when it tried to reach
>the Win10 machine.
>
>Maybe it'll work for you when you test it. The patch
>can be removed, and after all the computers are reboot,
>everything will be back to normal.
>
>When all patched, the Win10 end still claims to be
>supporting SMBv1 and SMBv2. Something else seems to be
>screwed up during negotiation. I don't know enough
>about SMB to tell you what that is. I just watched
>for a couple minutes with Wireshark.

Thank you for that.
I made an ironic comment here:

Message-ID: >
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Sun, 14 May 2017 04:09:08 -0400, Paul > wrote:

> The catalog server has a search box in the upper right corner.
> When you type the KB number in there, it can find updates
> for all the different OSes. Be careful to select the right one.
>
> http://www.catalog.update.microsoft.com/search.aspx?q=4012598
>
> Currently the server is throwing an error. Although I did manage
> to get this patch yesterday.
>
> windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
> (681,200 bytes)

Thanks for that tribal knowledge.
I couldn't get the download to start, but everything else looked good.
I'll wait a day or two and then try again.

Thanks for the wonderful tribal knowledge on patching WinXP!

In message >, gram pappy
> writes:
>
>"Jonas S Schneider" > wrote in message
...
>> Reading the news, it seems Microsoft issued an update for WinXP today.
>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>
>> But where do I get it and how?
>
>Here you go> down at the bottom of page.
>
>Customer Guidance for WannaCrypt attacks - MSRC
>
>gram

That wasn't a link.

Here is the update:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

No, no, you're not thinking, you're just being logical. -Niels Bohr, physicist
(1885-1962)

On Sun, 14 May 2017 10:44:52 +0000 (UTC), Jonas S Schneider
> wrote:

>On Sun, 14 May 2017 04:09:08 -0400, Paul > wrote:
>
>> The catalog server has a search box in the upper right corner.
>> When you type the KB number in there, it can find updates
>> for all the different OSes. Be careful to select the right one.
>>
>> http://www.catalog.update.microsoft.com/search.aspx?q=4012598
>>
>> Currently the server is throwing an error. Although I did manage
>> to get this patch yesterday.
>>
>> windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>> (681,200 bytes)
>
>Thanks for that tribal knowledge.
>I couldn't get the download to start, but everything else looked good.
>I'll wait a day or two and then try again.
>
>Thanks for the wonderful tribal knowledge on patching WinXP!

There is a report in acf that installing the patch will
disable USB.
Let's block port 445 and wait for further info before
installing a "security update" from M$.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

J. P. Gilliver (John) wrote:
> In message >, gram pappy
> > writes:
>>
>> "Jonas S Schneider" > wrote in message
>> ...
>>> Reading the news, it seems Microsoft issued an update for WinXP today.
>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>>>
>>>
>>> But where do I get it and how?
>>
>> Here you go> down at the bottom of page.
>>
>> Customer Guidance for WannaCrypt attacks - MSRC
>>
>> gram
>
> That wasn't a link.
>
> Here is the update:
> http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>

For some of the other OSes, it looks like since a patch
was released in March, there is a slimy trail of KBs
for the users. This superseded by that, superseded
by something else. Let's hope that kb4012598 provides
one-stop-shopping for a day or two... before they change it
all again.

Paul

Jonas S Schneider > wrote:
> Reading the news, it seems Microsoft issued an update for WinXP today.
> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html

> But where do I get it and how?

Is it not on its Windows Updates?
--
Happy Mother's Day to all moms including queen ants! ;)
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail privately. If credit-
( ) ing, then please kindly use Ant nickname and AQFL URL/link.

In message >, Ant
> writes
>Jonas S Schneider > wrote:
>> Reading the news, it seems Microsoft issued an update for WinXP today.
>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html
>
>> But where do I get it and how?
>
>Is it not on its Windows Updates?

The normal Windows Updates hasn't been working for several days - well
before the present problem. [Try checking for updates.]
--
Ian

On Sun, 14 May 2017 22:08:48 +0100, Ian Jackson
> wrote:

>>Is it not on its Windows Updates?
>
> The normal Windows Updates hasn't been working for several days - well
> before the present problem. [Try checking for updates.]
> --

The link previously provided (thanks!) finally worked, so I updated the exe
and installed it and it rebooted my system.

Now I'm just wondering how I figure out that it's "really" installed.

It didn't change my "subversion" of WinXP which is 2002 SP3.

Shouldn't patching Winxp change something in a subversion number somewhere?

On Sun, 14 May 2017 11:54:10 +0100, "J. P. Gilliver (John)"
> wrote:

> Here is the update:
> http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

That worked.
I'm not used to doing *manual* updates to Windows XP since it was always
automatic in the past.

So I don't even know how to tell if the update worked.
Is there a subversion lookup somewhere?

All I see is it's 2002 Winxp home sp3.

On Sun, 14 May 2017 21:42:40 +0000 (UTC), Jonas S Schneider
> wrote:

>On Sun, 14 May 2017 22:08:48 +0100, Ian Jackson
> wrote:
>
>>>Is it not on its Windows Updates?
>>
>> The normal Windows Updates hasn't been working for several days - well
>> before the present problem. [Try checking for updates.]
>> --
>
>The link previously provided (thanks!) finally worked, so I updated the exe
>and installed it and it rebooted my system.
>
>Now I'm just wondering how I figure out that it's "really" installed.

If you didn't monitor the install, you'll just have to "trust
M$"
>
>It didn't change my "subversion" of WinXP which is 2002 SP3.
>
>Shouldn't patching Winxp change something in a subversion number somewhere?

No, you are confusing a service pack with a patch. The last
official service pack was SP3 from 2008, or thereabouts. There have
been hundreds of patches since. They might change versions of system
files (dlls, exes etc), but not what you call the "subversion" number.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On 14 May 2017, Paul > wrote in
microsoft.public.windowsxp.general:

> Actually, no, I didn't waste the time on it. I could
> not use the WinXP as a client, to reach a file share
> on Win10, so I removed the patch soon after install.
>
> After the patch, Win10 can still reach WinXP, but WinXP
> cannot reach Win10. I got NTLMSSP "status_needs_more_processing"
> and WinXP claimed "service not started" when it tried to reach
> the Win10 machine.

That didn't happen to me. My XP and Win10 computers network together
just like they did before I installed the patch.

> When all patched, the Win10 end still claims to be
> supporting SMBv1 and SMBv2.

How can you tell?

Nil wrote:
> On 14 May 2017, Paul > wrote in
> microsoft.public.windowsxp.general:
>
>> Actually, no, I didn't waste the time on it. I could
>> not use the WinXP as a client, to reach a file share
>> on Win10, so I removed the patch soon after install.
>>
>> After the patch, Win10 can still reach WinXP, but WinXP
>> cannot reach Win10. I got NTLMSSP "status_needs_more_processing"
>> and WinXP claimed "service not started" when it tried to reach
>> the Win10 machine.
>
> That didn't happen to me. My XP and Win10 computers network together
> just like they did before I installed the patch.
>
>> When all patched, the Win10 end still claims to be
>> supporting SMBv1 and SMBv2.
>
> How can you tell?

Powershell (Win10 at least):

get-smbclientconfiguration <---- doesn't list any protocols

get-smbserverconfiguration <---- has SMBv1 and SMBv2 booleans
but no setting for SMBv3

I was checking for root cause, using Wireshark.
I don't know the fields in the packets well enough
to debug this.

So at least now I know it isn't the patch.

Paul

Jonas S Schneider wrote:
> On Sun, 14 May 2017 22:08:48 +0100, Ian Jackson
> > wrote:
>
>>> Is it not on its Windows Updates?
>>
>> The normal Windows Updates hasn't been working for several days - well
>> before the present problem. [Try checking for updates.]
>> --
>
> The link previously provided (thanks!) finally worked, so I updated the exe
> and installed it and it rebooted my system.
>
> Now I'm just wondering how I figure out that it's "really" installed.
>
> It didn't change my "subversion" of WinXP which is 2002 SP3.
> Shouldn't patching Winxp change something in a subversion number somewhere?

In the Add/Remove control panel, is a tick box
for Windows Update successful entries.

All your KB entries should be listed.

There are also folders on your C: drive, that correspond
to the installed patches.

Paul

Paul > wrote in :

> J. P. Gilliver (John) wrote:
>> In message >, gram pappy
>> > writes:
>>>
>>> "Jonas S Schneider" > wrote in message
>>> ...
>>>> Reading the news, it seems Microsoft issued an update for WinXP
>>>> today.
>>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-
st
>>>> ory.html
>>>>
>>>>
>>>> But where do I get it and how?
>>>
>>> Here you go> down at the bottom of page.
>>>
>>> Customer Guidance for WannaCrypt attacks - MSRC
>>>
>>> gram
>>
>> That wasn't a link.
>>
>> Here is the update:
>> http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-
kb4
>> 012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>>
>
> For some of the other OSes, it looks like since a patch
> was released in March, there is a slimy trail of KBs
> for the users. This superseded by that, superseded
> by something else. Let's hope that kb4012598 provides
> one-stop-shopping for a day or two... before they change it
> all again.
>
> Paul

I have or maintain personal computers running XP SP3 x86, Vista SP2 x64,
Win7 x64 and Win10 x64. I wonder why there are no patches for Vista
SP2, Win7, or Win10. Could it be that if one keeps autoupdates enabled,
those OSes are safe? Could it be that their version of SMB is safe?
I've tried to read all the info on all of this fiasco, but it's too
confusing. I have downloaded all of the patches for XP and Vista, but
don't know if I should install them.

I have no qustion, just a gripe about how difficult and time consuming
maintaining a pc this has become for the average home user

Boris wrote:
> Paul > wrote in :
>
>> J. P. Gilliver (John) wrote:
>>> In message >, gram pappy
>>> > writes:
>>>> "Jonas S Schneider" > wrote in message
>>>> ...
>>>>> Reading the news, it seems Microsoft issued an update for WinXP
>>>>> today.
>>>>> http://www.latimes.com/world/la-fg-global-computer-virus-20170513-
> st
>>>>> ory.html
>>>>>
>>>>>
>>>>> But where do I get it and how?
>>>> Here you go> down at the bottom of page.
>>>>
>>>> Customer Guidance for WannaCrypt attacks - MSRC
>>>>
>>>> gram
>>> That wasn't a link.
>>>
>>> Here is the update:
>>> http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-
> kb4
>>> 012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>>>
>> For some of the other OSes, it looks like since a patch
>> was released in March, there is a slimy trail of KBs
>> for the users. This superseded by that, superseded
>> by something else. Let's hope that kb4012598 provides
>> one-stop-shopping for a day or two... before they change it
>> all again.
>>
>> Paul
>
> I have or maintain personal computers running XP SP3 x86, Vista SP2 x64,
> Win7 x64 and Win10 x64. I wonder why there are no patches for Vista
> SP2, Win7, or Win10. Could it be that if one keeps autoupdates enabled,
> those OSes are safe? Could it be that their version of SMB is safe?
> I've tried to read all the info on all of this fiasco, but it's too
> confusing. I have downloaded all of the patches for XP and Vista, but
> don't know if I should install them.
>
> I have no qustion, just a gripe about how difficult and time consuming
> maintaining a pc this has become for the average home user

Work through the article here.

https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/

Paul

On 14 May 2017, Paul > wrote in
microsoft.public.windowsxp.general:

> Powershell (Win10 at least):
>
> get-smbclientconfiguration <---- doesn't list any protocols
>
> get-smbserverconfiguration <---- has SMBv1 and SMBv2 booleans
> but no setting for SMBv3

Those commands apparently aren't included in Powershell v1 for XP, but
in Windows 10 I get the same results as you. Thanks for the tip.

In message >, Paul >
writes:
[]
>Work through the article here.
>
>https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wanna
>crywannacrypt/
>
> Paul

A bit disconcerting that the very first sentence says "WannaCrypt does
not infect XP machines – the problem appears entirely (or almost
entirely) on unpatched Win7 machines." ...
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

- often six furlongs ahead of the field, but on the wrong racecourse. - Colin
Dexter on (his creation the character) Morse; Radio Times 12-18 May 2012.

J. P. Gilliver (John) wrote:
> In message >, Paul >
> writes:
> []
>> Work through the article here.
>>
>> https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wanna
>> crywannacrypt/
>>
>> Paul
>
> A bit disconcerting that the very first sentence says "WannaCrypt does
> not infect XP machines – the problem appears entirely (or almost
> entirely) on unpatched Win7 machines." ...

Yes, that's an implementation detail. Numerically, Windows 7 machines
are the highest runner, so the design focuses on those.

But that doesn't mean a script kiddie who gets the source code,
makes a few mods, can't use it on WinXP.

You're doing maintenance now, to prevent surprises later.

Paul

On Mon, 15 May 2017 02:56:35 +0000, XP-SP3 > wrote:

> Look for the following:
>
> C:\WINDOWS\$NtUninstallKB4012598$
> C:\WINDOWS\$NtUninstallKB4012598$\spuninst
>
> spuninst.txt:
> COPY "C:\WINDOWS\$NtUninstallKB4012598$\xpsp4res.dll" "c:\windows\system32\xpsp4res.dll"
> COPY "C:\WINDOWS\$NtUninstallKB4012598$\srv.sys" "c:\windows\system32\dllcache\srv.sys"
> COPY "C:\WINDOWS\$NtUninstallKB4012598$\srv.sys" "c:\windows\system32\drivers\srv.sys"
>
> ------------------------------------------------------
> new version old version
> xpsp4res.dll 5.1.2600.7208 5.1.2600.6477
> 11-FEB-2017 05-NOV-2013
> Description: Service Pack 4 Messages
>
> ------------------------------------------------------
> srv.sys 5.1.2600.7208 5.1.2600.6082
> 11-FEB-2017 17-FEB-2011
> Description: Server driver

Yes. That's there! Thanks.
http://i.cubeupload.com/RXqSBJ.gif

On Sun, 14 May 2017 20:21:06 -0400, Paul > wrote:

> In the Add/Remove control panel, is a tick box
> for Windows Update successful entries.
>
> All your KB entries should be listed.
>
> There are also folders on your C: drive, that correspond
> to the installed patches.

I was hoping that would work, but I must have followed the wrong rabbit
path.

I first hit:
Start > Settings > Control Panel > Add or Remove Programs

That pops up the Add or Remove Programs dialog with a checkbox at top which
is already checked saying "Show updates", and four boxes at the left side:
a. Change or remove programs
b. Add new programs
c. Add/remove windows components
d. Set program access and defaults

Which one do I hit?
I hit "Add/remove Windows Components".
A Windows Components Wizard pops up.

OK. now what?
Nothing on the checked list says "Windows XP OS updates" or anything even
remotely resembling the OS updates. Therefore, I just hit "Next".
Up pops a "Completing the Windows Component Wizard", and then "Finish".

Well, that went nowhere.

Trying again at the Add or Remove Programs box, I hit (a) Change or Remove
Programs. All it says under Windows XP - Software Updates is:
Hotfix for Windows XP (KB954550-v5)
Security Update for Windows XP (KB4012598)
Windows XP Service Pack 3

Does that mean that the *only* updates I've ever had since SP3 were those
two?

Jonas S Schneider wrote:
> On Sun, 14 May 2017 20:21:06 -0400, Paul > wrote:
>
>> In the Add/Remove control panel, is a tick box
>> for Windows Update successful entries.
>>
>> All your KB entries should be listed.
>>
>> There are also folders on your C: drive, that correspond
>> to the installed patches.
>
> I was hoping that would work, but I must have followed the wrong rabbit
> path.
>
> I first hit:
> Start > Settings > Control Panel > Add or Remove Programs
>
> That pops up the Add or Remove Programs dialog with a checkbox at top which
> is already checked saying "Show updates", and four boxes at the left side:
> a. Change or remove programs
> b. Add new programs
> c. Add/remove windows components
> d. Set program access and defaults
>
> Which one do I hit?
> I hit "Add/remove Windows Components". A Windows Components Wizard pops up.
>
> OK. now what? Nothing on the checked list says "Windows XP OS updates"
> or anything even
> remotely resembling the OS updates. Therefore, I just hit "Next". Up
> pops a "Completing the Windows Component Wizard", and then "Finish".
>
> Well, that went nowhere.
>
> Trying again at the Add or Remove Programs box, I hit (a) Change or Remove
> Programs. All it says under Windows XP - Software Updates is:
> Hotfix for Windows XP (KB954550-v5)
> Security Update for Windows XP (KB4012598)
> Windows XP Service Pack 3
>
> Does that mean that the *only* updates I've ever had since SP3 were those
> two?

Naively, yes.

However, you should look for 4012598 in the file system,
and spot where the folders are located. See how many KB
folders are present *next* to that folder

There is one install mechanism, that does not leave a log
of the installation. KB4012598 is the one you just installed,
which is track-able. However, older patches can be CAB files,
and there is a method available to install those, with no
trace they were installed.

To review your security status, use MBSA 2.3 download
and let it scan the PC. It will tell you what patches
are missing. MBSA 2.3 does not list "optional" Windows Update
patches and is not a replacement for Windows Update. However,
it can function as a tool to review the security status
of the machine, and that's what it is for. It can also
report unpatched copies of Microsoft Office (even patches
for Office Viewer freebies, will be listed). You can have
as many as fifteen patches missing, to patch and protect
the free Office Viewer programs. This tool will help you find
them.

http://s12.postimg.org/4df2ka8bh/mbsa.gif

Paul

On Mon, 15 May 2017 11:56:46 -0400, Paul > wrote:

> To review your security status, use MBSA 2.3 download
> and let it scan the PC. It will tell you what patches
> are missing.

Thanks for the pointer to MBSA, which is new to me.
I've had WinXP for a decade and I'm *still* adding software!

Microsoft Baseline Security Analyzer 2.3 (for IT Professionals)
https://www.microsoft.com/en-us/download/confirmation.aspx?id=7558
MBSASetup-x86-EN.msi (1.6MB)

It installed easily into a folder of my choosing but it errored instantly
upon running it as shown below.
https://s29.postimg.org/fz22jc48n/mbsa1.gif

I clicked "Scan a computer" and took all the defaults.

It found a few things such as "Computer has an older version of the client
and security database demands a newer version.[sic] Current version is
<blank> and minimum required version is <blank>.[sic]
https://s23.postimg.org/53xsvkuff/mbsa2.gif

I'm not sure why the blanks though.
But it told me absolutely nothing useful. Unfortunately.

Why does this always happen to me?
Did I do something wrong?

pamela wrote:
> On 02:10 15 May 2017, Paul wrote:
>
>> Boris wrote:
>>> Paul > wrote in
>>> :
>>>
>>>> J. P. Gilliver (John) wrote:
>>>>> In message >, gram pappy
>>>>> > writes:
>>>>>> "Jonas S Schneider" > wrote in
>>>>>> message ...
>>>>>>>
>>>>>>> Reading the news, it seems Microsoft issued an update for
>>>>>>> WinXP today.
>>>>>>> http://www.latimes.com/world/la-fg-global-computer-
>>>>>>> virus-20170513-story.html
>>>>>>>
>>>>>>>
>>>>>>> But where do I get it and how?
>>>>>> Here you go> down at the bottom of page.
>>>>>>
>>>>>> Customer Guidance for WannaCrypt attacks - MSRC
>>>>>> gram
>>>>> That wasn't a link.
>>>>>
>>>>> Here is the update:
>>>>> http://download.windowsupdate.com/d/csa/csa/secu/2017/02/
>>>>> windowsxp-kb4012598-x86-custom-enu_
>>>>> eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
>>>>>
>>>> For some of the other OSes, it looks like since a patch
>>>> was released in March, there is a slimy trail of KBs
>>>> for the users. This superseded by that, superseded
>>>> by something else. Let's hope that kb4012598 provides
>>>> one-stop-shopping for a day or two... before they change it
>>>> all again.
>>>>
>>>> Paul
>>> I have or maintain personal computers running XP SP3 x86, Vista
>>> SP2 x64, Win7 x64 and Win10 x64. I wonder why there are no
>>> patches for Vista SP2, Win7, or Win10. Could it be that if one
>>> keeps autoupdates enabled, those OSes are safe? Could it be
>>> that their version of SMB is safe? I've tried to read all the
>>> info on all of this fiasco, but it's too confusing. I have
>>> downloaded all of the patches for XP and Vista, but don't know
>>> if I should install them.
>>>
>>> I have no qustion, just a gripe about how difficult and time
>>> consuming maintaining a pc this has become for the average home
>>> user
>> Work through the article here.
>>
>> https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-
>> hit-by-wannacrywannacrypt/
>>
>> Paul
>
> Do you know what the MS patch KB4012598 (MS17-010) actually does? I
> believe it fixes some SMB vulnarabilities exploitd by WannaCry.
>
> I read some articles explaining how to protect against these SMB
> vulnerabilities by adding some registry entries to the LanmanServer
> parameters or alternatively by using the group Policies editor.
>
> Is this what KB4012598 (MS17-010) does or is it patching some
> vulnarable executables?

I'm not an IT guy, but at a guess, the Regedit changes are
for emergencies, to shut if off. Another way to disable it,
is to disable the associated service, so nothing answers at
port 445.

The patch should do better than that, and deal with the
actual vulnerable code. The patch didn't work out the
way I planned on my WinXP machine, but someone else reported
no loss of functionality on his WinXP machine. So I would
conclude from that, that my machine needs work. And the
patch is safe.

The purpose of the patch, is to prevent contagion. It
gets into your computer room, when you click on an
attachment on some email. In other words, the first
stage of the attack, typically uses another vector.
The reason you're installing this patch, is so all
the computers in the room, don't get that red
"Ransom note" on their screen at the same time.

Even with the SMBv1 port patched, a ransomware that
gets into one machine (via an executed email attachment),
it can examine your list of file sharing mounts, and
mount those volumes and encrypt them. That means
even before this exploit was available, about
half the disk drives in your computer room
could have been compromised anyway.

What the new vector does, is ensure the perps do
a much more thorough job. There might be no
running computers left in your room at all
after they're done. They'll all have the red
ransom note.

So first they have to get in... Then the fun begins.

This patch is not a cure-all for Adobe Flash
exploits, browser redirects, email attachments
and a wealth of other original infection points.
But it does help prevent all the computers
from being compromised via contagion, by the
same event. You might have a computer left,
to dial out with and look for help.

Generally, in 2017, there is no way to decrypt the files.
(There was one ransomware, where the "good guys"
got control of a C&C server with the encryption
keys on it, and some people actually got their
files back as a result. The bad guys have not
repeated their past mistakes, in that regard, and
in 2017, the only way you'll get your files back
with any guarantee, is with backups you made in
advance of the event.)

Paul