May 16th 17, 10:55 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
How do I update WinXP based on the new update today from Microsoft?

pamela wrote:
On 02:10 15 May 2017, Paul wrote:

Boris wrote:
Paul wrote in
news
J. P. Gilliver (John) wrote:
In message , gram pappy
writes:
"Jonas S Schneider" wrote in
message news
Reading the news, it seems Microsoft issued an update for
WinXP today.
http://www.latimes.com/world/la-fg-global-computer-virus-20170513-story.html


But where do I get it and how?
Here you go down at the bottom of page.

Customer Guidance for WannaCrypt attacks - MSRC
gram
That wasn't a link.

Here is the update:
http://download.windowsupdate.com/d/.../secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

For some of the other OSes, it looks like since a patch
was released in March, there is a slimy trail of KBs
for the users. This superseded by that, superseded
by something else. Let's hope that kb4012598 provides
one-stop-shopping for a day or two... before they change it
all again.

Paul
I have or maintain personal computers running XP SP3 x86, Vista
SP2 x64, Win7 x64 and Win10 x64. I wonder why there are no
patches for Vista SP2, Win7, or Win10. Could it be that if one
keeps autoupdates enabled, those OSes are safe? Could it be
that their version of SMB is safe? I've tried to read all the
info on all of this fiasco, but it's too confusing. I have
downloaded all of the patches for XP and Vista, but don't know
if I should install them.

I have no question, just a gripe about how difficult and time
consuming maintaining a pc has become for the average home
user

Work through the article here.

https://www.askwoody.com/2017/how-to...-you-wont-get-hit-by-wannacrywannacrypt/

Paul


Do you know what the MS patch KB4012598 (MS17-010) actually does? I
believe it fixes some SMB vulnerabilities exploited by WannaCry.

I read some articles explaining how to protect against these SMB
vulnerabilities by adding some registry entries to the LanmanServer
parameters or alternatively by using the group Policies editor.

Is this what KB4012598 (MS17-010) does or is it patching some
vulnerable executables?


I'm not an IT guy, but at a guess, the Regedit changes are
for emergencies, to shut it off. Another way to disable it
is to disable the associated service, so nothing answers at
port 445.

The patch should do better than that, and deal with the
actual vulnerable code. The patch didn't work out the
way I planned on my WinXP machine, but someone else reported
no loss of functionality on his WinXP machine. So I would
conclude from that, that my machine needs work. And the
patch is safe.

The purpose of the patch, is to prevent contagion. It
gets into your computer room, when you click on an
attachment on some email. In other words, the first
stage of the attack, typically uses another vector.
The reason you're installing this patch, is so all
the computers in the room, don't get that red
"Ransom note" on their screen at the same time.

Even with the SMBv1 port patched, a ransomware that
gets into one machine (via an executed email attachment)
can examine your list of file sharing mounts, and
mount those volumes and encrypt them. That means
even before this exploit was available, about
half the disk drives in your computer room
could have been compromised anyway.

What the new vector does, is ensure the perps do
a much more thorough job. There might be no
running computers left in your room at all
after they're done. They'll all have the red
ransom note.

So first they have to get in... Then the fun begins.

This patch is not a cure-all for Adobe Flash
exploits, browser redirects, email attachments
and a wealth of other original infection points.
But it does help prevent all the computers
from being compromised via contagion, by the
same event. You might have a computer left,
to dial out with and look for help.

Generally, in 2017, there is no way to decrypt the files.
(There was one ransomware, where the "good guys"
got control of a C&C server with the encryption
keys on it, and some people actually got their
files back as a result. The bad guys have not
repeated their past mistakes, in that regard, and
in 2017, the only way you'll get your files back
with any guarantee, is with backups you made in
advance of the event.)

Paul
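
Added example (not part of the thread, not Microsoft's code): a small check that separates the two states discussed above, the emergency shut-off (nothing answering on port 445) and the actual fix (KB4012598 installed). It assumes the text was collected with `wmic qfe get HotFixID`, `sc query lanmanserver` and `netstat -an`; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample output (not captured from a real PC) of three commands:
SAMPLE_QFE = "HotFixID\nKB0000001\nKB4012598\n"   # wmic qfe get HotFixID
SAMPLE_SC = (                                      # sc query lanmanserver
    "SERVICE_NAME: lanmanserver\n"
    "        STATE              : 4  RUNNING\n"
)
SAMPLE_NETSTAT = (                                 # netstat -an
    "  TCP    0.0.0.0:445        0.0.0.0:0         LISTENING\n"
    "  TCP    0.0.0.0:1445       0.0.0.0:0         LISTENING\n"
    "  TCP    192.168.1.20:1050  192.0.2.10:445    ESTABLISHED\n"
)

def patch_installed(qfe_text, kb="KB4012598"):
    """True if the KB id appears as a whole token in the hotfix list."""
    return re.search(r"\b" + re.escape(kb) + r"\b", qfe_text, re.I) is not None

def server_service_state(sc_text):
    """Return the STATE word from 'sc query' output, or 'UNKNOWN'."""
    m = re.search(r"STATE\s*:\s*\d+\s+(\w+)", sc_text)
    return m.group(1).upper() if m else "UNKNOWN"

def listening_on_445(netstat_text):
    """True only for a local TCP socket in LISTENING state on port 445."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == "445":   # local port, IPv4 or [::]
                return True
    return False

def assess(qfe_text, sc_text, netstat_text):
    patched = patch_installed(qfe_text)
    listening = listening_on_445(netstat_text)
    if patched:
        verdict = "patched"          # vulnerable code fixed
    elif listening:
        verdict = "exposed"          # unpatched and something answers on 445
    else:
        verdict = "mitigated-only"   # shut off for now; patch still needed
    return {"patched": patched, "listening_445": listening,
            "server_service": server_service_state(sc_text), "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE_QFE, SAMPLE_SC, SAMPLE_NETSTAT))
```

The verdict is deliberately conservative: an unpatched machine with a listener on 445 counts as exposed whatever the service state says, and "patched" says nothing about the other infection routes listed in the post.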