A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Emergency XP Patch



 
 
Thread Tools Display Modes
  #1  
Old May 13th 17, 02:31 PM posted to microsoft.public.windowsxp.general
Ben Myers[_10_]
external usenet poster
 
Posts: 2
Default Emergency XP Patch

http://www.zdnet.com/article/wannacr...r-old-systems/

Ben
Ads
  #2  
Old May 13th 17, 03:06 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/

Ben


The server seems a little busy right now :-)

Paul
  #3  
Old May 13th 17, 03:18 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Paul wrote:
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/

Ben


The server seems a little busy right now :-)


Backgrounder:

https://en.wikipedia.org/wiki/WannaC...somware_attack

Paul
  #4  
Old May 13th 17, 04:16 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Paul wrote:
Paul wrote:
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/

Ben


The server seems a little busy right now :-)


Backgrounder:

https://en.wikipedia.org/wiki/WannaC...somware_attack

Paul


After installation of

windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
(681,200 bytes)

my Win10 machine can still see the file share hosted
by my WinXP SP3 machine. So that works. If anything was
to break after the patch, I was expecting that to fail.

However, the WinXP SP3 machine can no longer
see the Win10 file share for some reason ? I'm guessing
what that means, is the Win10 machine got patched and
just had SMBv1 switched off.

A previous test of the Win10 machine, may have shown this:

PS C:\WINDOWS\system32 get-smbserverconfiguration
....
EnableSMB1Protocol : True -------
EnableSMB2Protocol : True -------
....
PS C:\WINDOWS\system32

I checked, and both of those flags are still True.
So that's not the reason for failure. The Win10 end
doesn't seem different than a couple days ago.

The error I'm getting on the WinXP SP3 machine when
attempting to reach the Win10 file share is:

"Workgroup is not accessible.
You might not have permission to use this network resource.
Contact the administrator of the server to find out if
you have access permissions.

The service has not been started.
"

Hmmm.

Paul
  #5  
Old May 13th 17, 06:10 PM posted to microsoft.public.windowsxp.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Emergency XP Patch

In message , Paul
writes:
Paul wrote:
Paul wrote:
Ben Myers wrote:

http://www.zdnet.com/article/wannacr...osoft-issues-p
atch-for-windows-xp-and-other-old-systems/
Ben


The "XP" link in that article points to:
http://www.catalog.update.microsoft....0-7bd0ad7ca09a
which, after a while, brings up a page (Firefox 26 says it was cancelled
or something like that, but in Chrome) which is headed

Update Details
Security Update for Windows XP SP3 (KB4012598)
Last Modified: 5/13/2017
Size: 665 KB

and contains four tags: Overview (which tells us about it), Language
Selection (which lists lots of languages, with English pre-ticked),
Package Details, which has a couple of "n/a"s (it hasn't been superseded
by anything and it doesn't supersede anything), and Install Resources
which says

Restart behavior: Can request restart
May request user input: No
Must be installed exclusively: No
Requires network connectivity: No
Uninstall Notes:
This software update can be removed via Add/Remove Programs in Control
Panel.
Uninstall Steps: n/a

Below and to the right of these, there's a Close button, which closes
the page. On the first tab, Overview, there are links to general
support, and to http://support.microsoft.com/kb/4012598.

Nowhere is there any download link!

If you go to http://support.microsoft.com/kb/4012598, you (after a
worrying pause during which something else appears, but is then
overwritten) get something headed

MS17-010: Description of the security update for Windows SMB Server:
March 14, 2017. That does tell you, though only in a very non-obvious
way! (Eventually, via
http://www.catalog.update.microsoft....aspx?q=4012598 .)

The address _eventually_ seems to be (for XP):
http://download.windowsupdate.com/d/...14fa6ee9dd.exe


The server seems a little busy right now :-)


Indeed: I was surprised how quickly it _did_ respond, given the
circumstances. (It's not _fast_, by any means!)

Backgrounder:
https://en.wikipedia.org/wiki/WannaC...somware_attack
Paul


Thanks for that.

After installation of


windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee
9dd.exe
(681,200 bytes)


Which, amusingly, comes out at "666 KB" in Windows Explorer (-:
[]
Incidentally, it requires a restart (though there's a box to tick to
stop it doing one immediately if you want).
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

One of my tricks as an armchair futurist is to "predict" things that are
already happening and watch people tell me it will never happen.
Scott Adams, 2015-3-9
  #6  
Old May 13th 17, 06:42 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

J. P. Gilliver (John) wrote:
In message , Paul
writes:
Paul wrote:
Paul wrote:
Ben Myers wrote:

http://www.zdnet.com/article/wannacr...osoft-issues-p
atch-for-windows-xp-and-other-old-systems/
Ben


The "XP" link in that article points to:
http://www.catalog.update.microsoft....0-7bd0ad7ca09a

which, after a while, brings up a page (Firefox 26 says it was cancelled
or something like that, but in Chrome) which is headed

Update Details
Security Update for Windows XP SP3 (KB4012598)
Last Modified: 5/13/2017
Size: 665 KB

and contains four tags: Overview (which tells us about it), Language
Selection (which lists lots of languages, with English pre-ticked),
Package Details, which has a couple of "n/a"s (it hasn't been superseded
by anything and it doesn't supersede anything), and Install Resources
which says

Restart behavior: Can request restart
May request user input: No
Must be installed exclusively: No
Requires network connectivity: No
Uninstall Notes:
This software update can be removed via Add/Remove Programs in Control
Panel.
Uninstall Steps: n/a

Below and to the right of these, there's a Close button, which closes
the page. On the first tab, Overview, there are links to general
support, and to http://support.microsoft.com/kb/4012598.

Nowhere is there any download link!

If you go to http://support.microsoft.com/kb/4012598, you (after a
worrying pause during which something else appears, but is then
overwritten) get something headed

MS17-010: Description of the security update for Windows SMB Server:
March 14, 2017. That does tell you, though only in a very non-obvious
way! (Eventually, via
http://www.catalog.update.microsoft....aspx?q=4012598 .)

The address _eventually_ seems to be (for XP):
http://download.windowsupdate.com/d/...14fa6ee9dd.exe



The server seems a little busy right now :-)


Indeed: I was surprised how quickly it _did_ respond, given the
circumstances. (It's not _fast_, by any means!)

Backgrounder:
https://en.wikipedia.org/wiki/WannaC...somware_attack
Paul


Thanks for that.

After installation of


windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee
9dd.exe
(681,200 bytes)


Which, amusingly, comes out at "666 KB" in Windows Explorer (-:
[]
Incidentally, it requires a restart (though there's a box to tick to
stop it doing one immediately if you want).


Back when you were in the main "catalog" page, the download
button is on the right-hand column. The "info" button that
throws up the more info kinda page, that's in the left column.
So you wanted the right hand column.

*******

Some more test results:

With patch kb4012598 installed on WinXP,

Win10 to WinXP works (as reported)

WinXP to Win10 15063.296 (in Wireshark) shows
NTLMSSP Status_More_Processing_Required
and the WinXP end reports "Service Not Running"
presumably a response to what it got from Win10.

Removal of the patch and reboot of WinXP end,

WinXP to Win10 15063.296 (in Wireshark) shows
NTLMSSP Status_More_Processing_Required

So somehow, the Win10 end is state-ful, and it remembers
something the patched WinXP machine sent to it.

Then, reboot of Win10 end, and retest from (unpatched) WinXP end,

WinXP to Win10 15063.296 works again.

Currently, I'm leaving that patch "yanked".

Paul
  #7  
Old May 14th 17, 08:53 PM posted to microsoft.public.windowsxp.general
Ant[_2_]
external usenet poster
 
Posts: 554
Default Emergency XP Patch

Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/


Is it or is Windows Update not connecting?
--
Happy Mother's Day to all moms including queen ants!
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail privately. If credit-
( ) ing, then please kindly use Ant nickname and AQFL URL/link.
  #8  
Old May 14th 17, 10:00 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Ant wrote:
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/


Is it or is Windows Update not connecting?


NOT connecting.

Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.

http://www.catalog.update.microsoft....aspx?q=4012598

The blue text on the left brings up the info panel.

The blue text on the right, does the actual download.

Select the entry which matches your OS.

You can add additional qualifying descriptive terms to the
search, but sometimes nothing comes back.

For example, if you did a search on "Windows XP", then
5000 things should come back. So you can do silly searches,
if you want.

The downloaded file, is usually armed with checking logic.
If you download the Win10 file and try to install it on
Windows XP, it'll stop you.

Paul
  #9  
Old May 16th 17, 04:47 AM posted to microsoft.public.windowsxp.general
Ant[_2_]
external usenet poster
 
Posts: 554
Default Emergency XP Patch

Paul wrote:
Ant wrote:
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/


Is it or is Windows Update not connecting?


NOT connecting.


Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.


http://www.catalog.update.microsoft....aspx?q=4012598


Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.
--
Quote of the Week: "In every enemy that is an ant, behold an elephant." --Turkish
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail privately. If credit-
( ) ing, then please kindly use Ant nickname and AQFL URL/link.
  #10  
Old May 16th 17, 08:18 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Ant wrote:
Paul wrote:
Ant wrote:
Ben Myers wrote:
http://www.zdnet.com/article/wannacr...r-old-systems/
Is it or is Windows Update not connecting?


NOT connecting.


Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.


http://www.catalog.update.microsoft....aspx?q=4012598


Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.


Did you enter this link, and select a WinXP SP3 entry and use
the Download blue link on the right ?

http://www.catalog.update.microsoft....aspx?q=4012598

I was surprised when my Windows Update didn't list 4012598.
It listed one in the 2-3 million range but that was the most
recent one on offer in there.

Paul
  #11  
Old May 16th 17, 08:31 AM posted to microsoft.public.windowsxp.general
Ian Jackson[_4_]
external usenet poster
 
Posts: 75
Default Emergency XP Patch

In message , Ant
writes
Paul wrote:
Ant wrote:
Ben Myers wrote:














http://www.zdnet.com/article/wannacr...r-old-systems/

Is it or is Windows Update not connecting?


NOT connecting.


Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.


http://www.catalog.update.microsoft....aspx?q=4012598


Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.


The usual XP Updates server disappeared a week ago, and hasn't returned.
--
Ian
  #12  
Old May 16th 17, 10:40 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Ian Jackson wrote:
In message , Ant
writes
Paul wrote:
Ant wrote:
Ben Myers wrote:


http://www.zdnet.com/article/wannacr...r-old-systems/


Is it or is Windows Update not connecting?


NOT connecting.


Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.


http://www.catalog.update.microsoft....aspx?q=4012598


Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.


The usual XP Updates server disappeared a week ago, and hasn't returned.


Did you try this link, in Internet Explorer ?

http://www.update.microsoft.com/wind....aspx?ln=en-us

Paul
  #13  
Old May 16th 17, 11:49 AM posted to microsoft.public.windowsxp.general
Ian Jackson[_4_]
external usenet poster
 
Posts: 75
Default Emergency XP Patch

In message , Paul
writes
Ian Jackson wrote:
In message , Ant
writes
Paul wrote:
Ant wrote:
Ben Myers wrote:

















http://www.zdnet.com/article/wannacr...omware-micros0 oft-issues-patch-for-windows-xp-and-other-old-systems/


Is it or is Windows Update not connecting?

NOT connecting.

Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.

http://www.catalog.update.microsoft....aspx?q=4012598

Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.

The usual XP Updates server disappeared a week ago, and hasn't
returned.


Did you try this link, in Internet Explorer ?

http://www.update.microsoft.com/wind....aspx?ln=en-us

Paul


Yes (and others).

The link to the Microsoft Download Center simply takes you to
Microsoft's latest and greatest (which doesn't include XP!).

The instruction to turn on Automatic Updates is ineffective. Updates
(automatic or manual) no longer connect to the server (try going to
Control Panel and Security Center, and check for the latest updates).

I'm not the only one who finds this is so. A friend (who has just
donated me two PCs on which he installed XP plus updates last week) also
realised that, a few days later, updates were no longer available.

Interestingly, my older XP machines have, in Start, All Programs, have a
Windows Update and a Microsoft Update.

Windows Update takes you to
http://windowsupdate.microsoft.com/
(which is where you get if you use the Security Centre route)
and you get
"Internet Explorer cannot display the webpage"

Microsoft Update actually allows you to get to the
"Checking for the latest updates for your computer..." page - but it
simply checks for ever and ever. It never tells you that no new updates
are available.

So it does seem that, at least for the time being, that the normal XP
updates are no longer available. I've tried seven PCs. Or am I mistaken?
--
Ian
  #14  
Old May 16th 17, 03:50 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Emergency XP Patch

Ian Jackson wrote:
In message , Paul
writes
Ian Jackson wrote:
In message , Ant
writes
Paul wrote:
Ant wrote:
Ben Myers wrote:

http://www.zdnet.com/article/wannacr...omware-micros0
oft-issues-patch-for-windows-xp-and-other-old-systems/


Is it or is Windows Update not connecting?

NOT connecting.

Use the catalog server link. This works for me in Seamonkey.
Probably not in IE6.

http://www.catalog.update.microsoft....aspx?q=4012598

Thanks. I noticed I am not getting this offered update via Windows XP's
background service. Is that also not working these days? I waited over
the weekend too.
The usual XP Updates server disappeared a week ago, and hasn't
returned.


Did you try this link, in Internet Explorer ?

http://www.update.microsoft.com/wind....aspx?ln=en-us

Paul


Yes (and others).

The link to the Microsoft Download Center simply takes you to
Microsoft's latest and greatest (which doesn't include XP!).

The instruction to turn on Automatic Updates is ineffective. Updates
(automatic or manual) no longer connect to the server (try going to
Control Panel and Security Center, and check for the latest updates).

I'm not the only one who finds this is so. A friend (who has just
donated me two PCs on which he installed XP plus updates last week) also
realised that, a few days later, updates were no longer available.

Interestingly, my older XP machines have, in Start, All Programs, have a
Windows Update and a Microsoft Update.

Windows Update takes you to
http://windowsupdate.microsoft.com/
(which is where you get if you use the Security Centre route)
and you get
"Internet Explorer cannot display the webpage"

Microsoft Update actually allows you to get to the
"Checking for the latest updates for your computer..." page - but it
simply checks for ever and ever. It never tells you that no new updates
are available.

So it does seem that, at least for the time being, that the normal XP
updates are no longer available. I've tried seven PCs. Or am I mistaken?


(Right now)

https://s23.postimg.org/tdqbz29ff/winxp_updates.gif

A Windows Update run consists of:

1) Some kind of ActiveX plugin the Internet Explorer browser pulls from the site.
Something is supposed to be in the browser at the start, and it can
request you install a new ActiveX plugin if your one isn't modern enough.
The objective of all this, is to get a Genuine check in there as well.
There are two Genuine checks, and a later one (that comes in as a KB),
is the "nag" one. I try to avoid that one if I can. Similarly, I try to
avoid the WinXP "End of Support" KB, which just puts a nag on the screen.
That's not a security update, and doesn't belong in there.

2) It runs wuauserv in a SVCHOST locally, to examine packages and
the like. If you (successfully) visit a URL serving updates, the
ActiveX plugin downloads some kind of manifest list for updates.
But the updates cannot begin until they've been checked. The wuauserv
does something, to work out which of the offered updates are
still outstanding. And which of the offered updates "supersede"
the others.

In WinXP, sometimes you will see a SVCHOST remain at 100% CPU on one
CPU core, for hours at a time. And this is the "supersede' check, gone nuts.
That can prevent the list of updates from painting on the screen.

To get Windows Update to actually list the updates, you can simply wait
hours or days for it to finish the looping behavior (Vista might never
come back). I usually run out of patience after a while, so I've probably
not waited more than 12-24 hours or so before I gave up.

*******

The Microsoft Baseline Security Analyzer (version 2.3) or
MBSA 2.3, does the same analysis. One difference is, it uses a less-thorough
"supersede" check. If it tells me, on a new WinXP install, that I
have 70 updates missing, if I attempt to download, then install
all 70, it will tell me that "this update is not appropriate"
or words to that effect, for 2 of them. So it cannot tell those
two do not belong. But on the other hand, MBSA can paint the screen
with information, within 5 minutes or so. I can go to catalog.update.microsoft.com
and get those 70 items (yes, it takes two or three hours to manually
patch).

You then examine the list:

Things you might see:

1) Internet Explorer Cumulative Update for MonthCode-YearCode

There are many patches to Internet Explorer. You want to manually
go to catalog.update.microsoft.com and attempt to find the latest
one. That will "prune" the "supersede" calculation a bit, the
next time you visit Windows Update.

2) MRT - that's the Microsoft monthly scan for the top flavors of malware.
This is a recurring update. The "wuauserv" has a hard time figuring
out that the last one is the best one. You can download the MRT
for the last month it was available for WinXP (whatever that is).

As you gradually locate the "recurrent" updates and install the
latest ones, that helps wuauserv respond in fewer hours the next time.

There are three subsystems that have deep supersede trees. GDIplus.dll,
win32k.sys (the kernel, patched many times), and Adobe Font Manager
(atmfm.dll or such like). Any time new patches appear, which affect
those files, that throws wuauserv off into the weeds again. In the
case of Vista, there is a short list of five or six patches
you can get from catalog.update.microsoft.com, to squelch that.

The above methods are in lieu of a proper fix.

Windows 7 had a couple patches that helped a lot, in bringing
down the time required for wuauserv to finish.

Windows 8.1 had something similar.

The looping behavior is an architectural limit. It results
from the ability of wuauserv, to examine things on a file
by file basis, sorting the versions, and doing this in
some sort of large structure in memory. The more updates
have been issued, the larger the tree gets, the slower
it gets. It "resolves" faster, if you can prune the recurring
ones.

On WinXP, you do not need the latest version of Internet Explorer.
You could, in theory, install the latest Cumulative for Internet
Explorer 6, and that would allow wuauserv to complete in a short time.

On the latest OSes, not only must you use the Cumulative, but the
thing also needs the most recent version of IE. So if your OS
accepts up to IE11 say, then you'd need to install IE11 first,
then install the latest Cumulative for IE11. And that brings
down the wuauserv time. (With a properly patched IE, the
wuauserv takes 60% of the original delay time constant.)

Some OSes are very hard to tame and make responsive. It took
me three tries to fix Vista. But I beat the thing. I would
not have been able to do it, without a post from the
wsusoffline forum, where one of their designers had a
short list of Vista patches, that reduce the supersede
calculation to five minutes. So of all the OSes, Vista is
worst, WinXP is bad but not as bad as Vista for this,
and the others, can be fixed with their known list
of patches.

so just getting the web site to respond and see your first
Windows Update decorations, that's the first step. But the
second step is, the list of updates cannot paint the screen,
until the local SVCHOST containing wuauserv, stops hammering
the processor.

The same kind of logic is in MBSA 2.3, except it doesn't
loop like crazy, and it can prepare a list of updates in
less time than the regular Windows Update can.

Paul
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 10:14 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.