If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Emergency XP Patch
|
Ads |
#2
|
|||
|
|||
Emergency XP Patch
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/ Ben The server seems a little busy right now :-) Paul |
#3
|
|||
|
|||
Emergency XP Patch
Paul wrote:
Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Ben The server seems a little busy right now :-) Backgrounder: https://en.wikipedia.org/wiki/WannaC...somware_attack Paul |
#4
|
|||
|
|||
Emergency XP Patch
Paul wrote:
Paul wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Ben The server seems a little busy right now :-) Backgrounder: https://en.wikipedia.org/wiki/WannaC...somware_attack Paul After installation of windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe (681,200 bytes) my Win10 machine can still see the file share hosted by my WinXP SP3 machine. So that works. If anything was to break after the patch, I was expecting that to fail. However, the WinXP SP3 machine can no longer see the Win10 file share for some reason ? I'm guessing what that means, is the Win10 machine got patched and just had SMBv1 switched off. A previous test of the Win10 machine, may have shown this: PS C:\WINDOWS\system32 get-smbserverconfiguration .... EnableSMB1Protocol : True ------- EnableSMB2Protocol : True ------- .... PS C:\WINDOWS\system32 I checked, and both of those flags are still True. So that's not the reason for failure. The Win10 end doesn't seem different than a couple days ago. The error I'm getting on the WinXP SP3 machine when attempting to reach the Win10 file share is: "Workgroup is not accessible. You might not have permission to use this network resource. Contact the administrator of the server to find out if you have access permissions. The service has not been started. " Hmmm. Paul |
#5
|
|||
|
|||
Emergency XP Patch
In message , Paul
writes: Paul wrote: Paul wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...osoft-issues-p atch-for-windows-xp-and-other-old-systems/ Ben The "XP" link in that article points to: http://www.catalog.update.microsoft....0-7bd0ad7ca09a which, after a while, brings up a page (Firefox 26 says it was cancelled or something like that, but in Chrome) which is headed Update Details Security Update for Windows XP SP3 (KB4012598) Last Modified: 5/13/2017 Size: 665 KB and contains four tags: Overview (which tells us about it), Language Selection (which lists lots of languages, with English pre-ticked), Package Details, which has a couple of "n/a"s (it hasn't been superseded by anything and it doesn't supersede anything), and Install Resources which says Restart behavior: Can request restart May request user input: No Must be installed exclusively: No Requires network connectivity: No Uninstall Notes: This software update can be removed via Add/Remove Programs in Control Panel. Uninstall Steps: n/a Below and to the right of these, there's a Close button, which closes the page. On the first tab, Overview, there are links to general support, and to http://support.microsoft.com/kb/4012598. Nowhere is there any download link! If you go to http://support.microsoft.com/kb/4012598, you (after a worrying pause during which something else appears, but is then overwritten) get something headed MS17-010: Description of the security update for Windows SMB Server: March 14, 2017. That does tell you, though only in a very non-obvious way! (Eventually, via http://www.catalog.update.microsoft....aspx?q=4012598 .) The address _eventually_ seems to be (for XP): http://download.windowsupdate.com/d/...14fa6ee9dd.exe The server seems a little busy right now :-) Indeed: I was surprised how quickly it _did_ respond, given the circumstances. (It's not _fast_, by any means!) Backgrounder: https://en.wikipedia.org/wiki/WannaC...somware_attack Paul Thanks for that. After installation of windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee 9dd.exe (681,200 bytes) Which, amusingly, comes out at "666 KB" in Windows Explorer (-: [] Incidentally, it requires a restart (though there's a box to tick to stop it doing one immediately if you want). -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf One of my tricks as an armchair futurist is to "predict" things that are already happening and watch people tell me it will never happen. Scott Adams, 2015-3-9 |
#6
|
|||
|
|||
Emergency XP Patch
J. P. Gilliver (John) wrote:
In message , Paul writes: Paul wrote: Paul wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...osoft-issues-p atch-for-windows-xp-and-other-old-systems/ Ben The "XP" link in that article points to: http://www.catalog.update.microsoft....0-7bd0ad7ca09a which, after a while, brings up a page (Firefox 26 says it was cancelled or something like that, but in Chrome) which is headed Update Details Security Update for Windows XP SP3 (KB4012598) Last Modified: 5/13/2017 Size: 665 KB and contains four tags: Overview (which tells us about it), Language Selection (which lists lots of languages, with English pre-ticked), Package Details, which has a couple of "n/a"s (it hasn't been superseded by anything and it doesn't supersede anything), and Install Resources which says Restart behavior: Can request restart May request user input: No Must be installed exclusively: No Requires network connectivity: No Uninstall Notes: This software update can be removed via Add/Remove Programs in Control Panel. Uninstall Steps: n/a Below and to the right of these, there's a Close button, which closes the page. On the first tab, Overview, there are links to general support, and to http://support.microsoft.com/kb/4012598. Nowhere is there any download link! If you go to http://support.microsoft.com/kb/4012598, you (after a worrying pause during which something else appears, but is then overwritten) get something headed MS17-010: Description of the security update for Windows SMB Server: March 14, 2017. That does tell you, though only in a very non-obvious way! (Eventually, via http://www.catalog.update.microsoft....aspx?q=4012598 .) The address _eventually_ seems to be (for XP): http://download.windowsupdate.com/d/...14fa6ee9dd.exe The server seems a little busy right now :-) Indeed: I was surprised how quickly it _did_ respond, given the circumstances. (It's not _fast_, by any means!) Backgrounder: https://en.wikipedia.org/wiki/WannaC...somware_attack Paul Thanks for that. After installation of windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee 9dd.exe (681,200 bytes) Which, amusingly, comes out at "666 KB" in Windows Explorer (-: [] Incidentally, it requires a restart (though there's a box to tick to stop it doing one immediately if you want). Back when you were in the main "catalog" page, the download button is on the right-hand column. The "info" button that throws up the more info kinda page, that's in the left column. So you wanted the right hand column. ******* Some more test results: With patch kb4012598 installed on WinXP, Win10 to WinXP works (as reported) WinXP to Win10 15063.296 (in Wireshark) shows NTLMSSP Status_More_Processing_Required and the WinXP end reports "Service Not Running" presumably a response to what it got from Win10. Removal of the patch and reboot of WinXP end, WinXP to Win10 15063.296 (in Wireshark) shows NTLMSSP Status_More_Processing_Required So somehow, the Win10 end is state-ful, and it remembers something the patched WinXP machine sent to it. Then, reboot of Win10 end, and retest from (unpatched) WinXP end, WinXP to Win10 15063.296 works again. Currently, I'm leaving that patch "yanked". Paul |
#7
|
|||
|
|||
Emergency XP Patch
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? -- Happy Mother's Day to all moms including queen ants! Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly. /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail privately. If credit- ( ) ing, then please kindly use Ant nickname and AQFL URL/link. |
#8
|
|||
|
|||
Emergency XP Patch
Ant wrote:
Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 The blue text on the left brings up the info panel. The blue text on the right, does the actual download. Select the entry which matches your OS. You can add additional qualifying descriptive terms to the search, but sometimes nothing comes back. For example, if you did a search on "Windows XP", then 5000 things should come back. So you can do silly searches, if you want. The downloaded file, is usually armed with checking logic. If you download the Win10 file and try to install it on Windows XP, it'll stop you. Paul |
#9
|
|||
|
|||
Emergency XP Patch
Paul wrote:
Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. -- Quote of the Week: "In every enemy that is an ant, behold an elephant." --Turkish Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly. /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail privately. If credit- ( ) ing, then please kindly use Ant nickname and AQFL URL/link. |
#10
|
|||
|
|||
Emergency XP Patch
Ant wrote:
Paul wrote: Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. Did you enter this link, and select a WinXP SP3 entry and use the Download blue link on the right ? http://www.catalog.update.microsoft....aspx?q=4012598 I was surprised when my Windows Update didn't list 4012598. It listed one in the 2-3 million range but that was the most recent one on offer in there. Paul |
#11
|
|||
|
|||
Emergency XP Patch
In message , Ant
writes Paul wrote: Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. The usual XP Updates server disappeared a week ago, and hasn't returned. -- Ian |
#12
|
|||
|
|||
Emergency XP Patch
Ian Jackson wrote:
In message , Ant writes Paul wrote: Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...r-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. The usual XP Updates server disappeared a week ago, and hasn't returned. Did you try this link, in Internet Explorer ? http://www.update.microsoft.com/wind....aspx?ln=en-us Paul |
#13
|
|||
|
|||
Emergency XP Patch
In message , Paul
writes Ian Jackson wrote: In message , Ant writes Paul wrote: Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...omware-micros0 oft-issues-patch-for-windows-xp-and-other-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. The usual XP Updates server disappeared a week ago, and hasn't returned. Did you try this link, in Internet Explorer ? http://www.update.microsoft.com/wind....aspx?ln=en-us Paul Yes (and others). The link to the Microsoft Download Center simply takes you to Microsoft's latest and greatest (which doesn't include XP!). The instruction to turn on Automatic Updates is ineffective. Updates (automatic or manual) no longer connect to the server (try going to Control Panel and Security Center, and check for the latest updates). I'm not the only one who finds this is so. A friend (who has just donated me two PCs on which he installed XP plus updates last week) also realised that, a few days later, updates were no longer available. Interestingly, my older XP machines have, in Start, All Programs, have a Windows Update and a Microsoft Update. Windows Update takes you to http://windowsupdate.microsoft.com/ (which is where you get if you use the Security Centre route) and you get "Internet Explorer cannot display the webpage" Microsoft Update actually allows you to get to the "Checking for the latest updates for your computer..." page - but it simply checks for ever and ever. It never tells you that no new updates are available. So it does seem that, at least for the time being, that the normal XP updates are no longer available. I've tried seven PCs. Or am I mistaken? -- Ian |
#14
|
|||
|
|||
Emergency XP Patch
Ian Jackson wrote:
In message , Paul writes Ian Jackson wrote: In message , Ant writes Paul wrote: Ant wrote: Ben Myers wrote: http://www.zdnet.com/article/wannacr...omware-micros0 oft-issues-patch-for-windows-xp-and-other-old-systems/ Is it or is Windows Update not connecting? NOT connecting. Use the catalog server link. This works for me in Seamonkey. Probably not in IE6. http://www.catalog.update.microsoft....aspx?q=4012598 Thanks. I noticed I am not getting this offered update via Windows XP's background service. Is that also not working these days? I waited over the weekend too. The usual XP Updates server disappeared a week ago, and hasn't returned. Did you try this link, in Internet Explorer ? http://www.update.microsoft.com/wind....aspx?ln=en-us Paul Yes (and others). The link to the Microsoft Download Center simply takes you to Microsoft's latest and greatest (which doesn't include XP!). The instruction to turn on Automatic Updates is ineffective. Updates (automatic or manual) no longer connect to the server (try going to Control Panel and Security Center, and check for the latest updates). I'm not the only one who finds this is so. A friend (who has just donated me two PCs on which he installed XP plus updates last week) also realised that, a few days later, updates were no longer available. Interestingly, my older XP machines have, in Start, All Programs, have a Windows Update and a Microsoft Update. Windows Update takes you to http://windowsupdate.microsoft.com/ (which is where you get if you use the Security Centre route) and you get "Internet Explorer cannot display the webpage" Microsoft Update actually allows you to get to the "Checking for the latest updates for your computer..." page - but it simply checks for ever and ever. It never tells you that no new updates are available. So it does seem that, at least for the time being, that the normal XP updates are no longer available. I've tried seven PCs. Or am I mistaken? (Right now) https://s23.postimg.org/tdqbz29ff/winxp_updates.gif A Windows Update run consists of: 1) Some kind of ActiveX plugin the Internet Explorer browser pulls from the site. Something is supposed to be in the browser at the start, and it can request you install a new ActiveX plugin if your one isn't modern enough. The objective of all this, is to get a Genuine check in there as well. There are two Genuine checks, and a later one (that comes in as a KB), is the "nag" one. I try to avoid that one if I can. Similarly, I try to avoid the WinXP "End of Support" KB, which just puts a nag on the screen. That's not a security update, and doesn't belong in there. 2) It runs wuauserv in a SVCHOST locally, to examine packages and the like. If you (successfully) visit a URL serving updates, the ActiveX plugin downloads some kind of manifest list for updates. But the updates cannot begin until they've been checked. The wuauserv does something, to work out which of the offered updates are still outstanding. And which of the offered updates "supersede" the others. In WinXP, sometimes you will see a SVCHOST remain at 100% CPU on one CPU core, for hours at a time. And this is the "supersede' check, gone nuts. That can prevent the list of updates from painting on the screen. To get Windows Update to actually list the updates, you can simply wait hours or days for it to finish the looping behavior (Vista might never come back). I usually run out of patience after a while, so I've probably not waited more than 12-24 hours or so before I gave up. ******* The Microsoft Baseline Security Analyzer (version 2.3) or MBSA 2.3, does the same analysis. One difference is, it uses a less-thorough "supersede" check. If it tells me, on a new WinXP install, that I have 70 updates missing, if I attempt to download, then install all 70, it will tell me that "this update is not appropriate" or words to that effect, for 2 of them. So it cannot tell those two do not belong. But on the other hand, MBSA can paint the screen with information, within 5 minutes or so. I can go to catalog.update.microsoft.com and get those 70 items (yes, it takes two or three hours to manually patch). You then examine the list: Things you might see: 1) Internet Explorer Cumulative Update for MonthCode-YearCode There are many patches to Internet Explorer. You want to manually go to catalog.update.microsoft.com and attempt to find the latest one. That will "prune" the "supersede" calculation a bit, the next time you visit Windows Update. 2) MRT - that's the Microsoft monthly scan for the top flavors of malware. This is a recurring update. The "wuauserv" has a hard time figuring out that the last one is the best one. You can download the MRT for the last month it was available for WinXP (whatever that is). As you gradually locate the "recurrent" updates and install the latest ones, that helps wuauserv respond in fewer hours the next time. There are three subsystems that have deep supersede trees. GDIplus.dll, win32k.sys (the kernel, patched many times), and Adobe Font Manager (atmfm.dll or such like). Any time new patches appear, which affect those files, that throws wuauserv off into the weeds again. In the case of Vista, there is a short list of five or six patches you can get from catalog.update.microsoft.com, to squelch that. The above methods are in lieu of a proper fix. Windows 7 had a couple patches that helped a lot, in bringing down the time required for wuauserv to finish. Windows 8.1 had something similar. The looping behavior is an architectural limit. It results from the ability of wuauserv, to examine things on a file by file basis, sorting the versions, and doing this in some sort of large structure in memory. The more updates have been issued, the larger the tree gets, the slower it gets. It "resolves" faster, if you can prune the recurring ones. On WinXP, you do not need the latest version of Internet Explorer. You could, in theory, install the latest Cumulative for Internet Explorer 6, and that would allow wuauserv to complete in a short time. On the latest OSes, not only must you use the Cumulative, but the thing also needs the most recent version of IE. So if your OS accepts up to IE11 say, then you'd need to install IE11 first, then install the latest Cumulative for IE11. And that brings down the wuauserv time. (With a properly patched IE, the wuauserv takes 60% of the original delay time constant.) Some OSes are very hard to tame and make responsive. It took me three tries to fix Vista. But I beat the thing. I would not have been able to do it, without a post from the wsusoffline forum, where one of their designers had a short list of Vista patches, that reduce the supersede calculation to five minutes. So of all the OSes, Vista is worst, WinXP is bad but not as bad as Vista for this, and the others, can be fixed with their known list of patches. so just getting the web site to respond and see your first Windows Update decorations, that's the first step. But the second step is, the list of updates cannot paint the screen, until the local SVCHOST containing wuauserv, stops hammering the processor. The same kind of logic is in MBSA 2.3, except it doesn't loop like crazy, and it can prepare a list of updates in less time than the regular Windows Update can. Paul |
Thread Tools | |
Display Modes | |
|
|