A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Rather fine booboo on MS's part! Or, update mechanism has been hacked ...



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old November 14th 18, 01:33 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Rather fine booboo on MS's part! Or, update mechanism has been hacked ...

I got the "updates are available" popup, looked at them, and accepted.
One is the periodic "Malicious Software Removal Tool" - I usually accept
that; I know it only does a few common ones, but I've not hear of it
doing _harm_.

I then got a EULA popup containing two boxes. The top, small, box says:

"Windows Malicious Software Removal Tool - November 2018 (KB890830)"

fair enough.

The lower, large, box says:

"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition

END-USER LICENSE AGREEMENT
FOR PRERELEASE CODE

IMPORTANT-READ CAREFULLY:
This End-User License Agreement for Prerelease Code ("EULA") is a"

then goes on to give the rest of the EULA, with accept and decline
buttons.

Anyone else (who has "notify" for updates) got this? If so, is it just a
booboo on MS's part - they've used the text from XP-SP2 (and the
pre-release version of that) in the EULA box - or has the update
mechanism been hacked?

Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Quantum particles: the dreams that stuff is made of - David Moser
Ads
  #2  
Old November 14th 18, 02:21 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Rather fine booboo on MS's part! Or, update mechanism has beenhacked ...

J. P. Gilliver (John) wrote:
I got the "updates are available" popup, looked at them, and accepted.
One is the periodic "Malicious Software Removal Tool" - I usually accept
that; I know it only does a few common ones, but I've not hear of it
doing _harm_.

I then got a EULA popup containing two boxes. The top, small, box says:

"Windows Malicious Software Removal Tool - November 2018 (KB890830)"

fair enough.

The lower, large, box says:

"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition

END-USER LICENSE AGREEMENT
FOR PRERELEASE CODE

IMPORTANT-READ CAREFULLY:
This End-User License Agreement for Prerelease Code ("EULA") is a"

then goes on to give the rest of the EULA, with accept and decline buttons.

Anyone else (who has "notify" for updates) got this? If so, is it just a
booboo on MS's part - they've used the text from XP-SP2 (and the
pre-release version of that) in the EULA box - or has the update
mechanism been hacked?

Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.


By any chance, does the C: volume have a boot.ini on it ?

Paul
  #3  
Old November 14th 18, 02:33 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Rather fine booboo on MS's part! Or, update mechanism has been hacked ...

In message , Paul
writes:
[]
I then got a EULA popup containing two boxes. The top, small, box
says:
"Windows Malicious Software Removal Tool - November 2018 (KB890830)"
fair enough.
The lower, large, box says:
"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition
END-USER LICENSE AGREEMENT

[]
I've since scanned briefly through the EULA, and it really is the one
for XPSP2 - "solely in connection with a licensed copy of
Microsoft Windows XP Professional Edition, Windows
XP Home Edition, Windows XP Media Center Edition,
or Windows XP Tablet PC Edition operating systems for which the Software
is designed", and other such snippets.

Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.


By any chance, does the C: volume have a boot.ini on it ?

Paul

Not that I can see, using Everything (looking everywhere - it stops
finding anything as soon a I've typed as far as "boot.i"), XTGold
(looking in the root), or Windows Explorer (looking in the root - and I
do have show hidden files etc.).

Is KB890830 the right identity for the November 2018 Malicious Software
Removal Tool?
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

More people watch live theatre every year than Premier League football
matches. - Libby Purves, RT 2017/9/30-10/6
  #4  
Old November 14th 18, 03:06 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Rather fine booboo on MS's part! Or, update mechanism has beenhacked ...

J. P. Gilliver (John) wrote:
In message , Paul
writes:
[]
I then got a EULA popup containing two boxes. The top, small, box says:
"Windows Malicious Software Removal Tool - November 2018 (KB890830)"
fair enough.
The lower, large, box says:
"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition
END-USER LICENSE AGREEMENT

[]
I've since scanned briefly through the EULA, and it really is the one
for XPSP2 - "solely in connection with a licensed copy of
Microsoft Windows XP Professional Edition, Windows
XP Home Edition, Windows XP Media Center Edition,
or Windows XP Tablet PC Edition operating systems for which the Software
is designed", and other such snippets.

Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.


By any chance, does the C: volume have a boot.ini on it ?

Paul

Not that I can see, using Everything (looking everywhere - it stops
finding anything as soon a I've typed as far as "boot.i"), XTGold
(looking in the root), or Windows Explorer (looking in the root - and I
do have show hidden files etc.).

Is KB890830 the right identity for the November 2018 Malicious Software
Removal Tool?


Yes.

KB890830 is used everywhere.

It has a version number. It's been issued a bunch
of times, so the version number should be pretty high.

In effect, it's a Windows Update that keeps getting
re-issued, each time with a one-higher version number.
The version number is not a "visible" property, most
of the time.

https://www.catalog.update.microsoft...%20windows%207

There are two files listed per update.
The delta isn't the one you want.

I downloaded this sample for a look.

windows-kb890830-x64-v5.66_324d7f131dd4bd5ede96c9526a81970efeaa9d4e.exe

L:\mrt.exe\.rsrc\
version.txt

FILEVERSION 1,279,836,0
PRODUCTVERSION 1,279,836,0
FILEFLAGSMASK 0x3F
FILEFLAGS 0x0
FILEOS VOS_UNKNOWN | VOS__WINDOWS32
FILETYPE VFT_APP
FILESUBTYPE 0x0
{
BLOCK "StringFileInfo"
{
BLOCK "040904b0"
{
VALUE "CompanyName", "Microsoft Corporation"
VALUE "FileDescription", "MSRT Definition Database"
VALUE "InternalName", "itw"
VALUE "LegalCopyright", "Copyright (c) Microsoft Corporation. All rights reserved."
VALUE "OriginalFilename", "itw.vdm"
VALUE "ProductName", "Microsoft Malware Protection"
VALUE "FileVersion", "1.279.836.0"
VALUE "ProductVersion", "1.279.836.0"
}
}
BLOCK "VarFileInfo"
{
VALUE "Translation", 0x409, 1200
}
}

No mention of WinXP in that dump.

The MRT.exe file is version "5.66.15456.1".
In the one I downloaded for Win7 32 bit.

Paul
  #5  
Old November 14th 18, 04:13 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Rather fine booboo on MS's part! Or, update mechanism has beenhacked ...

J. P. Gilliver (John) wrote:
I got the "updates are available" popup, looked at them, and accepted.
One is the periodic "Malicious Software Removal Tool" - I usually accept
that; I know it only does a few common ones, but I've not hear of it
doing _harm_.

I then got a EULA popup containing two boxes. The top, small, box says:

"Windows Malicious Software Removal Tool - November 2018 (KB890830)"

fair enough.

The lower, large, box says:

"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition

END-USER LICENSE AGREEMENT
FOR PRERELEASE CODE

IMPORTANT-READ CAREFULLY:
This End-User License Agreement for Prerelease Code ("EULA") is a"

then goes on to give the rest of the EULA, with accept and decline buttons.

Anyone else (who has "notify" for updates) got this? If so, is it just a
booboo on MS's part - they've used the text from XP-SP2 (and the
pre-release version of that) in the EULA box - or has the update
mechanism been hacked?

Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.


OK, now I see what you're talking about.

I didn't realize you could get a EULA prompt in
the Windows Update dialog, microseconds after clicking the
install button (after making your selections in the list).

https://i.postimg.cc/X7P6G6qj/MSRT-EULA.gif

Paul
  #6  
Old November 14th 18, 05:31 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Rather fine booboo on MS's part! Or, update mechanism has been hacked ...

In message , Paul
writes:
J. P. Gilliver (John) wrote:
In message , Paul
writes:
[]
I then got a EULA popup containing two boxes. The top, small, box says:
"Windows Malicious Software Removal Tool - November 2018 (KB890830)"
fair enough.
The lower, large, box says:

[]
I've since scanned briefly through the EULA, and it really is the one
for XPSP2 - "solely in connection with a licensed copy of
Microsoft Windows XP Professional Edition, Windows

[]
Running 7 Hope Premium, SP1, 32 bit, if that makes any difference.

(Home)
[]
KB890830 is used everywhere.

It has a version number. It's been issued a bunch
of times, so the version number should be pretty high.

In effect, it's a Windows Update that keeps getting
re-issued, each time with a one-higher version number.
The version number is not a "visible" property, most
of the time.


So I can't check from the Windows that appear as part of Windows Update.
All I can see about it is that it's 11.7 MB.
[]
windows-kb890830-x64-v5.66_324d7f131dd4bd5ede96c9526a81970efeaa9d4e.exe


I'm on 32-bit 7?
[]
No mention of WinXP in that dump.

[]
See http://255soft.uk/temp/Clipboard01.jpg (you may need to refresh).
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Does God believe in people?
  #7  
Old November 14th 18, 06:18 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Rather fine booboo on MS's part! Or, update mechanism has been hacked ...

In message , Paul
writes:
[]
OK, now I see what you're talking about.

I didn't realize you could get a EULA prompt in
the Windows Update dialog, microseconds after clicking the
install button (after making your selections in the list).


No, I hadn't seen one before either.

https://i.postimg.cc/X7P6G6qj/MSRT-EULA.gif

Paul

I _think_ that's the same as mine http://255soft.uk/temp/Clipboard01.jpg
(other than Window colour); I couldn't tell for sure at the default zoom
level, and when I clicked on it I got a full-window blank rectangle, so
I presume i.postimg.cc runs some script when you click-to-zoom-in.

Anyway, which do you think is the case - someone at MS has boobed and
used (and set whatever flag makes it pop up) some ancient EULA and
accepting it will actually install (and probably run) the November 2018
MSRT, or: the update site has been hacked and it's malware? (_Seems_
unlikely, as I'd have thought any hacker good enough to have hacked that
site wouldn't have caused the popup.)

Or, of course, they've had a real brain fart, and if you proceed it'll
try to install XP-SP2 pre-release version on your Windows 7 machine!
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Have the courage to be ordinary - people make themselves so desperately unhappy
trying to be clever and totally original. (Robbie Coltrane, RT 8-14 Nov. 1997.)
  #8  
Old November 14th 18, 08:20 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Rather fine booboo on MS's part! Or, update mechanism has been hacked ...

In message , John K.Eason
writes:
[]
"Windows Malicious Software Removal Tool - November 2018 (KB890830)"

fair enough.

The lower, large, box says:

"Prerelease Version of Service Pack 2 for Microsoft Windows XP
Professional, Home, Media Center, or Tablet PC Edition


Yes. I got the EULA and 'Prerelease bla bla...' alert, but assumed it
said Windows
7 SP2 so let it continue as normal. It's just the usual update as far
as I can see
and ran as normal.


I don't think I've seen any hint of a 7 SP2; it seems unlikely, as MS
fairly clearly want to kill 7. (Plus there's the fact that the selection
options for this "update" - and the upper box - said it was the MSRT for
November 2018.)

ISTR seeing that once before although certainly not regularly.

I'm letting it proceed. I do have an image from not _too_ long ago (-:.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

resentment is like drinking poison and expecting the other person to die -
attributed to Carrie Fisher by Gareth McLean, in Radio Times 28 January-3
February 2012
  #12  
Old November 15th 18, 02:00 AM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Rather fine booboo on MS's part! Or, update mechanism has beenhacked ...

J. P. Gilliver (John) wrote:


Or, of course, they've had a real brain fart, and if you proceed it'll
try to install XP-SP2 pre-release version on your Windows 7 machine!


It's just a EULA. We don't know whether it's hurting
anything or not (in terms of version selection).

If there was an actual screwup, the update would fail.
The update would do a dependency check. If it was a
WinXP scanner, it would check for WinXP first and
find it was running on Windows 7. The update history
would then show it failed to install.

Paul
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 03:07 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.