If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On Sun, 14 May 2017 21:42:40 +0000 (UTC), Jonas S Schneider
wrote: On Sun, 14 May 2017 22:08:48 +0100, Ian Jackson wrote: Is it not on its Windows Updates? The normal Windows Updates hasn't been working for several days - well before the present problem. [Try checking for updates.] -- The link previously provided (thanks!) finally worked, so I updated the exe and installed it and it rebooted my system. Now I'm just wondering how I figure out that it's "really" installed. If you didn't monitor the install, you'll just have to "trust M$" It didn't change my "subversion" of WinXP which is 2002 SP3. Shouldn't patching Winxp change something in a subversion number somewhere? No, you are confusing a service pack with a patch. The last official service pack was SP3 from 2008, or thereabouts. There have been hundreds of patches since. They might change versions of system files (dlls, exes etc), but not what you call the "subversion" number. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
Ads |
#17
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On 14 May 2017, Paul wrote in
microsoft.public.windowsxp.general: Actually, no, I didn't waste the time on it. I could not use the WinXP as a client, to reach a file share on Win10, so I removed the patch soon after install. After the patch, Win10 can still reach WinXP, but WinXP cannot reach Win10. I got NTLMSSP "status_needs_more_processing" and WinXP claimed "service not started" when it tried to reach the Win10 machine. That didn't happen to me. My XP and Win10 computers network together just like they did before I installed the patch. When all patched, the Win10 end still claims to be supporting SMBv1 and SMBv2. How can you tell? |
#18
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
Nil wrote:
On 14 May 2017, Paul wrote in microsoft.public.windowsxp.general: Actually, no, I didn't waste the time on it. I could not use the WinXP as a client, to reach a file share on Win10, so I removed the patch soon after install. After the patch, Win10 can still reach WinXP, but WinXP cannot reach Win10. I got NTLMSSP "status_needs_more_processing" and WinXP claimed "service not started" when it tried to reach the Win10 machine. That didn't happen to me. My XP and Win10 computers network together just like they did before I installed the patch. When all patched, the Win10 end still claims to be supporting SMBv1 and SMBv2. How can you tell? Powershell (Win10 at least): get-smbclientconfiguration ---- doesn't list any protocols get-smbserverconfiguration ---- has SMBv1 and SMBv2 booleans but no setting for SMBv3 I was checking for root cause, using Wireshark. I don't know the fields in the packets well enough to debug this. So at least now I know it isn't the patch. Paul |
#19
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
Jonas S Schneider wrote:
On Sun, 14 May 2017 22:08:48 +0100, Ian Jackson wrote: Is it not on its Windows Updates? The normal Windows Updates hasn't been working for several days - well before the present problem. [Try checking for updates.] -- The link previously provided (thanks!) finally worked, so I updated the exe and installed it and it rebooted my system. Now I'm just wondering how I figure out that it's "really" installed. It didn't change my "subversion" of WinXP which is 2002 SP3. Shouldn't patching Winxp change something in a subversion number somewhere? In the Add/Remove control panel, is a tick box for Windows Update successful entries. All your KB entries should be listed. There are also folders on your C: drive, that correspond to the installed patches. Paul |
#20
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
Paul wrote in news
J. P. Gilliver (John) wrote: In message , gram pappy writes: "Jonas S Schneider" wrote in message news Reading the news, it seems Microsoft issued an update for WinXP today. http://www.latimes.com/world/la-fg-g...irus-20170513- st ory.html But where do I get it and how? Here you go down at the bottom of page. Customer Guidance for WannaCrypt attacks - MSRC gram That wasn't a link. Here is the update: http://download.windowsupdate.com/d/.../02/windowsxp- kb4 012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe For some of the other OSes, it looks like since a patch was released in March, there is a slimy trail of KBs for the users. This superseded by that, superseded by something else. Let's hope that kb4012598 provides one-stop-shopping for a day or two... before they change it all again. Paul I have or maintain personal computers running XP SP3 x86, Vista SP2 x64, Win7 x64 and Win10 x64. I wonder why there are no patches for Vista SP2, Win7, or Win10. Could it be that if one keeps autoupdates enabled, those OSes are safe? Could it be that their version of SMB is safe? I've tried to read all the info on all of this fiasco, but it's too confusing. I have downloaded all of the patches for XP and Vista, but don't know if I should install them. I have no qustion, just a gripe about how difficult and time consuming maintaining a pc this has become for the average home user |
#21
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
Boris wrote:
Paul wrote in news J. P. Gilliver (John) wrote: In message , gram pappy writes: "Jonas S Schneider" wrote in message news Reading the news, it seems Microsoft issued an update for WinXP today. http://www.latimes.com/world/la-fg-g...irus-20170513- st ory.html But where do I get it and how? Here you go down at the bottom of page. Customer Guidance for WannaCrypt attacks - MSRC gram That wasn't a link. Here is the update: http://download.windowsupdate.com/d/.../02/windowsxp- kb4 012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe For some of the other OSes, it looks like since a patch was released in March, there is a slimy trail of KBs for the users. This superseded by that, superseded by something else. Let's hope that kb4012598 provides one-stop-shopping for a day or two... before they change it all again. Paul I have or maintain personal computers running XP SP3 x86, Vista SP2 x64, Win7 x64 and Win10 x64. I wonder why there are no patches for Vista SP2, Win7, or Win10. Could it be that if one keeps autoupdates enabled, those OSes are safe? Could it be that their version of SMB is safe? I've tried to read all the info on all of this fiasco, but it's too confusing. I have downloaded all of the patches for XP and Vista, but don't know if I should install them. I have no qustion, just a gripe about how difficult and time consuming maintaining a pc this has become for the average home user Work through the article here. https://www.askwoody.com/2017/how-to...crywannacrypt/ Paul |
#22
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On 14 May 2017, Paul wrote in
microsoft.public.windowsxp.general: Powershell (Win10 at least): get-smbclientconfiguration ---- doesn't list any protocols get-smbserverconfiguration ---- has SMBv1 and SMBv2 booleans but no setting for SMBv3 Those commands apparently aren't included in Powershell v1 for XP, but in Windows 10 I get the same results as you. Thanks for the tip. |
#23
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
In message , Paul
writes: [] Work through the article here. https://www.askwoody.com/2017/how-to...t-hit-by-wanna crywannacrypt/ Paul A bit disconcerting that the very first sentence says "WannaCrypt does not infect XP machines – the problem appears entirely (or almost entirely) on unpatched Win7 machines." ... -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf - often six furlongs ahead of the field, but on the wrong racecourse. - Colin Dexter on (his creation the character) Morse; Radio Times 12-18 May 2012. |
#24
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
J. P. Gilliver (John) wrote:
In message , Paul writes: [] Work through the article here. https://www.askwoody.com/2017/how-to...t-hit-by-wanna crywannacrypt/ Paul A bit disconcerting that the very first sentence says "WannaCrypt does not infect XP machines – the problem appears entirely (or almost entirely) on unpatched Win7 machines." ... Yes, that's an implementation detail. Numerically, Windows 7 machines are the highest runner, so the design focuses on those. But that doesn't mean a script kiddie who gets the source code, makes a few mods, can't use it on WinXP. You're doing maintenance now, to prevent surprises later. Paul |
#25
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On Mon, 15 May 2017 02:56:35 +0000, XP-SP3 wrote:
Look for the following: C:\WINDOWS\$NtUninstallKB4012598$ C:\WINDOWS\$NtUninstallKB4012598$\spuninst spuninst.txt: COPY "C:\WINDOWS\$NtUninstallKB4012598$\xpsp4res.dl l" "c:\windows\system32\xpsp4res.dll" COPY "C:\WINDOWS\$NtUninstallKB4012598$\srv.sys" "c:\windows\system32\dllcache\srv.sys" COPY "C:\WINDOWS\$NtUninstallKB4012598$\srv.sys" "c:\windows\system32\drivers\srv.sys" ------------------------------------------------------ new version old version xpsp4res.dll 5.1.2600.7208 5.1.2600.6477 11-FEB-2017 05-NOV-2013 Description: Service Pack 4 Messages ------------------------------------------------------ srv.sys 5.1.2600.7208 5.1.2600.6082 11-FEB-2017 17-FEB-2011 Description: Server driver Yes. That's there! Thanks. http://i.cubeupload.com/RXqSBJ.gif |
#26
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On Sun, 14 May 2017 20:21:06 -0400, Paul wrote:
In the Add/Remove control panel, is a tick box for Windows Update successful entries. All your KB entries should be listed. There are also folders on your C: drive, that correspond to the installed patches. I was hoping that would work, but I must have followed the wrong rabbit path. I first hit: Start Settings Control Panel Add or Remove Programs That pops up the Add or Remove Programs dialog with a checkbox at top which is already checked saying "Show updates", and four boxes at the left side: a. Change or remove programs b. Add new programs c. Add/remove windows components d. Set program access and defaults Which one do I hit? I hit "Add/remove Windows Components". A Windows Components Wizard pops up. OK. now what? Nothing on the checked list says "Windows XP OS updates" or anything even remotely resembling the OS updates. Therefore, I just hit "Next". Up pops a "Completing the Windows Component Wizard", and then "Finish". Well, that went nowhere. Trying again at the Add or Remove Programs box, I hit (a) Change or Remove Programs. All it says under Windows XP - Software Updates is: Hotfix for Windows XP (KB954550-v5) Security Update for Windows XP (KB4012598) Windows XP Service Pack 3 Does that mean that the *only* updates I've ever had since SP3 were those two? |
#27
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
Jonas S Schneider wrote:
On Sun, 14 May 2017 20:21:06 -0400, Paul wrote: In the Add/Remove control panel, is a tick box for Windows Update successful entries. All your KB entries should be listed. There are also folders on your C: drive, that correspond to the installed patches. I was hoping that would work, but I must have followed the wrong rabbit path. I first hit: Start Settings Control Panel Add or Remove Programs That pops up the Add or Remove Programs dialog with a checkbox at top which is already checked saying "Show updates", and four boxes at the left side: a. Change or remove programs b. Add new programs c. Add/remove windows components d. Set program access and defaults Which one do I hit? I hit "Add/remove Windows Components". A Windows Components Wizard pops up. OK. now what? Nothing on the checked list says "Windows XP OS updates" or anything even remotely resembling the OS updates. Therefore, I just hit "Next". Up pops a "Completing the Windows Component Wizard", and then "Finish". Well, that went nowhere. Trying again at the Add or Remove Programs box, I hit (a) Change or Remove Programs. All it says under Windows XP - Software Updates is: Hotfix for Windows XP (KB954550-v5) Security Update for Windows XP (KB4012598) Windows XP Service Pack 3 Does that mean that the *only* updates I've ever had since SP3 were those two? Naively, yes. However, you should look for 4012598 in the file system, and spot where the folders are located. See how many KB folders are present *next* to that folder There is one install mechanism, that does not leave a log of the installation. KB4012598 is the one you just installed, which is track-able. However, older patches can be CAB files, and there is a method available to install those, with no trace they were installed. To review your security status, use MBSA 2.3 download and let it scan the PC. It will tell you what patches are missing. MBSA 2.3 does not list "optional" Windows Update patches and is not a replacement for Windows Update. However, it can function as a tool to review the security status of the machine, and that's what it is for. It can also report unpatched copies of Microsoft Office (even patches for Office Viewer freebies, will be listed). You can have as many as fifteen patches missing, to patch and protect the free Office Viewer programs. This tool will help you find them. http://s12.postimg.org/4df2ka8bh/mbsa.gif Paul |
#28
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
On Mon, 15 May 2017 11:56:46 -0400, Paul wrote:
To review your security status, use MBSA 2.3 download and let it scan the PC. It will tell you what patches are missing. Thanks for the pointer to MBSA, which is new to me. I've had WinXP for a decade and I'm *still* adding software! Microsoft Baseline Security Analyzer 2.3 (for IT Professionals) https://www.microsoft.com/en-us/down...n.aspx?id=7558 MBSASetup-x86-EN.msi (1.6MB) It installed easily into a folder of my choosing but it errored instantly upon running it as shown below. https://s29.postimg.org/fz22jc48n/mbsa1.gif I clicked "Scan a computer" and took all the defaults. It found a few things such as "Computer has an older version of the client and security database demands a newer version.[sic] Current version is blank and minimum required version is blank.[sic] https://s23.postimg.org/53xsvkuff/mbsa2.gif I'm not sure why the blanks though. But it told me absolutely nothing useful. Unfortunately. Why does this always happen to me? Did I do something wrong? |
#29
|
|||
|
|||
How do I update WinXP based on the new update today from Microsoft?
pamela wrote:
On 02:10 15 May 2017, Paul wrote: Boris wrote: Paul wrote in news J. P. Gilliver (John) wrote: In message , gram pappy writes: "Jonas S Schneider" wrote in message news Reading the news, it seems Microsoft issued an update for WinXP today. http://www.latimes.com/world/la-fg-global-computer- virus-20170513-story.html But where do I get it and how? Here you go down at the bottom of page. Customer Guidance for WannaCrypt attacks - MSRC gram That wasn't a link. Here is the update: http://download.windowsupdate.com/d/.../secu/2017/02/ windowsxp-kb4012598-x86-custom-enu_ eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe For some of the other OSes, it looks like since a patch was released in March, there is a slimy trail of KBs for the users. This superseded by that, superseded by something else. Let's hope that kb4012598 provides one-stop-shopping for a day or two... before they change it all again. Paul I have or maintain personal computers running XP SP3 x86, Vista SP2 x64, Win7 x64 and Win10 x64. I wonder why there are no patches for Vista SP2, Win7, or Win10. Could it be that if one keeps autoupdates enabled, those OSes are safe? Could it be that their version of SMB is safe? I've tried to read all the info on all of this fiasco, but it's too confusing. I have downloaded all of the patches for XP and Vista, but don't know if I should install them. I have no qustion, just a gripe about how difficult and time consuming maintaining a pc this has become for the average home user Work through the article here. https://www.askwoody.com/2017/how-to...-you-wont-get- hit-by-wannacrywannacrypt/ Paul Do you know what the MS patch KB4012598 (MS17-010) actually does? I believe it fixes some SMB vulnarabilities exploitd by WannaCry. I read some articles explaining how to protect against these SMB vulnerabilities by adding some registry entries to the LanmanServer parameters or alternatively by using the group Policies editor. Is this what KB4012598 (MS17-010) does or is it patching some vulnarable executables? I'm not an IT guy, but at a guess, the Regedit changes are for emergencies, to shut if off. Another way to disable it, is to disable the associated service, so nothing answers at port 445. The patch should do better than that, and deal with the actual vulnerable code. The patch didn't work out the way I planned on my WinXP machine, but someone else reported no loss of functionality on his WinXP machine. So I would conclude from that, that my machine needs work. And the patch is safe. The purpose of the patch, is to prevent contagion. It gets into your computer room, when you click on an attachment on some email. In other words, the first stage of the attack, typically uses another vector. The reason you're installing this patch, is so all the computers in the room, don't get that red "Ransom note" on their screen at the same time. Even with the SMBv1 port patched, a ransomware that gets into one machine (via an executed email attachment), it can examine your list of file sharing mounts, and mount those volumes and encrypt them. That means even before this exploit was available, about half the disk drives in your computer room could have been compromised anyway. What the new vector does, is ensure the perps do a much more thorough job. There might be no running computers left in your room at all after they're done. They'll all have the red ransom note. So first they have to get in... Then the fun begins. This patch is not a cure-all for Adobe Flash exploits, browser redirects, email attachments and a wealth of other original infection points. But it does help prevent all the computers from being compromised via contagion, by the same event. You might have a computer left, to dial out with and look for help. Generally, in 2017, there is no way to decrypt the files. (There was one ransomware, where the "good guys" got control of a C&C server with the encryption keys on it, and some people actually got their files back as a result. The bad guys have not repeated their past mistakes, in that regard, and in 2017, the only way you'll get your files back with any guarantee, is with backups you made in advance of the event.) Paul |
Thread Tools | |
Display Modes | |
|
|