Thread: Patch Your XP & Win 7 Boxen!
View Single Post
  #4  
Old May 17th 19, 06:23 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
  
Posts: 11,873
Default Patch Your XP & Win 7 Boxen!
pjp wrote:
In article , says...
https://www.wsj.com/articles/microsoft-warns-of-a-monster-computer-bug-in-a-week-of-them-11557900716

https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708

I read some article about that which included the link to MS for the
patch. At the same time I let it connect to Windows Update. It only had
little over 200 updates for an XP laptop I seldom use. GEEZ!!!!

But you didn't have to use Windows Update.

The catalog link would give a download of a standalone KB install
you could have run by double clicking.

"remote code execution vulnerability in Remote Desktop Services"

https://www.catalog.update.microsoft...px?q=KB4500331

windowsxp-kb4500331-x86-custom-enu_d7206aca53552fececf72a3dee93eb2da0421188.exe
531,496 bytes
SHA256: 7A3140B38A7C37B7635D47243BE8141199E2E8E7F5E85A966E D9C73A17A6EF56

One thing you have to be careful of, is the out-of-band patches
are not reflected in wsusscn2.cab download. Windows Update may not
actually have KB4500331 in it.

So while you think you got 200 patches in your Windows Update melee,
in fact you could be missing the SMBV1 patch and that RDP patch,
as they're out-of-band. Microsoft does this, to prevent
wsusscn2 from growing any larger, on behalf of the WinXP
entries. And this prevents custom patches from being acquired
simply by using Windows Update.

Check and see what happened in this case.

Paul
Ads