Hotfix Hunting

[5eraph]

Thanks, Rick.

[RicaNeaga]

New hotfixes for .net framework 3.0, 3.5 and 4.0 on windows xp. They look pretty important as they solve multiple issues.

http://support.microsoft.com/kb/2829259

http://support.microsoft.com/kb/2829534

http://support.microsoft.com/kb/2828843

[ricktendo64]

Also komm found this one

KB2828030 (USB)

[user_hidden]

Microsoft Security Bulletin Data

Overview

This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)

[user_hidden]

Microsoft Security Advisory: Vulnerability in Internet Explorer 8 could allow remote code execution: May 8, 2013

KB2847140

[user_hidden]

KB2813347-V2

[OnePiece Alb]

Thanks

then we think that microsoft monitors the update pack ????, because I highly doubt that some user has installed the KB2813347 in the real system with the command /b:RTMQFE and after went to report the problem to Microsoft, said this because Update.exe works in a perfect way, look before files are in the system and after only updates those files ehhh, is thus almost impossible to carry out that from a normal installation of KB2813347 the update.exe put by mistake the file qfe them ehhhhhh, I mean only in the Update Pack could see this problem

Ciao a tutti.

[5eraph]

It is possible, OnePiece, that somebody installed a previous update that was QFE-only, which would trigger the QFE branch in KB2813347-v1 and cause the known problem with mstscax.dll.mui. However, the excuse Microsoft gives in MS13-029 smells bad:

Why was this bulletin revised on June 25, 2013?
[...] The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations.

All existing binaries are identical between v1 and v2, including update.exe. The only significant change was the addition of mstscax.dll.mui to SP3QFE, which would not correct the problem Microsoft states. But my own testing shows that it does fix the problem we know.

[OnePiece Alb]

It is possible, OnePiece, that somebody installed a previous update that was QFE-only, which would trigger the QFE branch in KB2813347-v1 and cause the known problem with mstscax.dll.mui. However, the excuse Microsoft gives in MS13-029 smells bad:

Hi 5eraph this is impossible http://www.ryanvm.net/forum/viewtopic.p ... 143#132143

Ciao.

[5eraph]

It is possible.

When a user installs an update for which there is only a QFE branch, such as KB2785487, then only QFE files can be installed. If a later update is installed that supersedes the older one and contains both GDR and QFE branches, then the QFE files of the newer update will replace the older QFE files without the /B switch as Microsoft states below:

The following table summarizes how the default branch that you select changes installer behavior for various system states.

Package to install........................GDR (n)...............GDR (n-1)...............QFE (n)...............QFE (n-1)

GDR (n).....................................GDR(n) installed....GDR(n) installed......QFE(n) installed...QFE(n) installed
GDR (n) /b:cardinal point QFE......QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
GDR (n-1)..................................GDR(n) installed....GDR(n-1) installed...QFE(n) installed...QFE(n-1) installed
GDR (n-1) /b:cardinal point QFE...QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed
QFE (n)......................................QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
QFE (n) /b:cardinal point GDR......QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
QFE (n-1)...................................QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed
QFE (n-1) /b:cardinal point GDR...QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed

Warning The /b switch cannot be used to install the GDR branch of a package in the presence of an installed QFE package that contains overlapping binaries.

Notes [...]

• GDR version files are installed when one of the following conditions is true:
  • The files on your computer are the original released versions (srv03_rtm.mmmmmm-nnnn or xpclient.mmmmmm-nnnn).
  • The files on your computer are service pack versions (srv03_spx.mmmmmm-nnnn or xpspx.mmmmmm-nnnn).
  • The files on your computer are GDR versions (srv03_gdr.mmmmmm-nnnn, xpsp_spx_gdr.mmmmmm-nnnn).
  [...]
• Hotfix files are only installed when the files on your computer are hotfix versions (srv03_qfe.mmmmmm-nnnn, xpsp.mmmmmm-nnnn, or xpclnt_qfe.mmmmmm-nnnn) or depend on other hotfix version files.

[OnePiece Alb]

It is possible.

When a user installs an update for which there is only a QFE branch, such as KB2785487, then only QFE files can be installed. If a later update is installed that supersedes the older one and contains both GDR and QFE branches, then the QFE files of the newer update will replace the older QFE files without the /B switch as Microsoft states below:

I know precisely is everything contrary in this case

if you read carefully what I have said here

Thanks

then we think that microsoft monitors the update pack ????, because I highly doubt that some user has installed the KB2813347 in the real system with the command /b:RTMQFE and after went to report the problem to Microsoft, said this because Update.exe works in a perfect way, look before files are in the system and after only updates those files ehhh, is thus almost impossible to carry out that from a normal installation of KB2813347 the update.exe put by mistake the file qfe them ehhhhhh, I mean only in the Update Pack could see this problem

Ciao a tutti.

and also here (English is not the best but I think already understand idea)

Hi 5eraph this is impossible http://www.ryanvm.net/forum/viewtopic.p ... 143#132143

Hi user_hidden, Thank You

Update Pack v6.8.0 is Ok, the bug is in the Update Pack v6.7.0 (April 10 2013 Releases, Italian user who first discovered the BUG http://www.eng2ita.net/forum/index.php/ ... l#msg61229 ), I do not think that will be released a new Update, is a case very unique\rare, microsoft seems that wrong with what hotfix, the point is that everything happens because it seems to put microsoft QFE update them by mistake, the hotfix basic is WindowsXP-KB969084-x86-ENU.exe (which the WindowsXP-KB2813347-x86-ENU.exe update partially) is only in GDR ehhhhh, in fact happens, if extract the WindowsXP-KB969084-x86-ENU.exe you will notice that we only inside the folder sp3gdr anything else (there are so hotfix but is really very very rare, say nearly one in 500, we just missed it, because if we remember the KB969084 we immediately noticed the error\mistake microsoft put them file QFE), in poor words is a error\mistake of microsoft, but also on our part there was a bit of oversight how to say, however is really a very very rare case ehhhh

all this perhaps because the fate that it seems that microsoft decided by now that all the new official update will be fully oriented to QFE (if I'm not mistaken I've read in microsoft.com weks ago, but can not remember where now) however the fates that are the latest Update of Windows Server 2003 are now in QFE only, however for us, this does not create any kind of problem (is OK) Thanks RyanVM has always been decided\used in All Update Pack only the QFE, so for us does not change anything

Ciao.

so the update base KB969084 is only GDR, is impossible that the update.exe install them QFE files, there has never been a BUG in KB2813347, because the update.exe not ever would install QFE files in a real system, the bug was only in UpdatePack where the files will be added manually

Ciao.

[5eraph]

[...]because the update.exe not ever would install QFE files[...]

Yes, it would if a person that has never used an update pack installed a QFE update, at any point in time since installing KB969084, that replaced mstscax.dll with a QFE version. Then the QFE files from KB2813347 would be installed by default without the /B switch.

[OnePiece Alb]

[...]because the update.exe not ever would install QFE files[...]

Yes, it would if a person that has never used an update pack installed a QFE update, at any point in time since installing KB969084, that replaced mstscax.dll with a QFE version. Then the QFE files from KB2813347 would be installed by default without the /B switch.

Some may even delete System32\ntoskrnl.exe, but you know microsoft does not calculate or NOT Support certain things ehhhh

Microsoft when it releases an update, it says here there are in web 1000 users that they have changed\edit and here we take precautions, No, Microsot only follows the official way, nothing else never calculates certain third-party modifications ehhhhhh

or said precisely that ehhh in all the above post (we return to the story of UpdatePacks ehhhhh) that was all the talk, maybe microsoft monitors UpdatePack, because he had no other way of knowing what BUG

Ciao.

[5eraph]

Just because we don't know of a previous QFE fix for mstscax.dll doesn't mean one wasn't created. If such an update exists, then it would be possible for Microsoft to know of the problem without monitoring update pack discussions. It's also possible somebody that doesn't use an update pack reported the problem to Microsoft after using the /b switch on KB2813347-v1. The /b switch existed before any update pack.

[OnePiece Alb]

Hi 5eraph, back to the earlier remarks, there has never been officially no BUG, Update.exe works perfectly, does not exist (even those who have had the system Update Pack March 2013 or any previous version) that the WU-MU automatically them installed the WindowsXP-KB2813347-x86*.exe, or a user who has downloaded (from microsoft.com) and installed the WindowsXP-KB2813347-x86*.exe, and after having problems, does not exist, is there is only the problem in UpdatePack April 2013 Releases (which included, in the wrong way KB2813347) anything else

Microsoft officially on his part and has always been 1000% OK (do not even need, to make release KB2813347 v2, however there was a problem and they fixed it)

Ciao.

[5eraph]

I'll agree that there is no obvious problem with update.exe. That is why I said Microsoft's excuse for rereleasing KB2813347 smelled bad. It doesn't fit with what they changed in the package.

What changed in the package fixed the problem we know about, as discussed in our respective forums. However, our forums are not the only way Microsoft could have known about the problem to fix it. It can be reproduced without an update pack by installing the v1 package using the following command line:

Code: Select all

WindowsXP-KB2813347-x86-ENU.exe /b:SP3QFE

[OnePiece Alb]

Microsoft have made ​​a mistake but thanks to update.exe that works perfectly OK, was already all OK, so their mistake covered\repaired by update.exe

what I said above, the possibility that a user runs or install the WindowsXP-KB2813347-x86-ENU.exe /b:SP3QFE are 1 in 1000000 ehhhh

we know very well that the update before they appear online are tested for more than 1-2 months (those of the IE sometimes even 3-4 months) and if they had their fate tests, looked at the problem before releasing the WindowsXP-KB2813347-x86*.exe ehhh

Ciao.

[5eraph]

I won't argue probability, only possibility. The possibility exists.

[OnePiece Alb]

The most likely and that UpdatePack sometimes is also used in the work PC ehhhh, maybe one of those had problems and after they asked the microsoft support

however in a manner of speaking a test fate by someone like us who do not to do all day and going to break the PC ehhh, that is when 100000 test fates in work PC, where no one touches anything, and so they always all OK ehhhh

exactly as in this case, if we did not do that mistake, it came out the problem in KB2813347, so very possible and logical that Microsoft is very interested in collecting data from certain community, that help 100000 times more that the data collected from the test in work PC or another (for reasons known before)

Ciao.

[5eraph]

[...] very possible and logical that Microsoft is very interested in collecting data from certain community, that help 100000 times more that the data collected from the test in work PC or another (for reasons known before)

Totally agree.

[dencorso]

Are you all aware that KB2498072, despite the KB article saying (in the "Applies to" section) it applies only to WES 2009, is a Win XP Hotfix. too, and it'll install as downloaded, because there's no IsWinEmbedded condition in the .inf? Sorry if I'm stating a widely known fact, I found it out 5 days ago, by chance, while investigating which known WES 2009 hotfixes and updates may be of interest to Win XP SP3 users...

[ricktendo64]

THANKS!!!

Edit: already had it in my updatepack

[Mike84]

ricktendo64 where did you hide your UpdatePack?

[ricktendo64]

Its 4 Spanish XP

[ricktendo64]

Heads up with KB2834886, I have not yet confirmed but aparently WU is complaining about KB2659262

[mf3imp]

I can confirm the same issue with my italian update pack. I can also confirm that adding the regkey resolve the detection problem. It's a trick, but it works.

[user_hidden]

Heads up with KB2834886, I have not yet confirmed but aparently WU is complaining about KB2659262

yes MU complains so when I released my pack I left the reg entries from 2659262. another MS snafu as usual !

[dencorso]

KB981792, despite the KB article saying (in the "Applies to" section) it applies only to WES 2009, is a Win XP Hotfix, too, but it'll not install as downloaded, because there's a IsWinEmbedded condition in the .inf... Repackaging after removing that condition is required to create a Win XP hotfix, but the files then install correctly and work flawlessly (I've installed it about one month ago, and found no issue up to now). That's one more WES 2009 hotfix/update that may be of interest to Win XP SP3 users...

[ricktendo64]

If only they had it for Spanish

[ricktendo64]

KB2834904-v2 was re-released today

[OnePiece Alb]

KB2834904-v2 was re-released today

Thank you

[ricktendo64]

KB2890882 TZChange is out

[5eraph]

Thanks, Rick.

[user_hidden]

gracias mi amigo

[tomasz86]

Thank you

[RicaNeaga]

Update for Root Certificates for Windows XP [November 2013] (KB931125) is out.

[RicaNeaga]

A new hotfix for windows xp!!! Whoa!!! KB2892734

LE: updates ipnathlp.dll

[ricktendo64]

Thanks, but "the system is currently unavailable."

Edit: nm got it

[RicaNeaga]

ricktendo, do you need the .reg entries for november's KB2888505 (for yumeyao's IE8 addon)? I can get them for you in a couple of hours... Thanks!

[RicaNeaga]

New hotfix for windows, right now only the article is available - KB2905325.

[user_hidden]

New hotfix for windows, right now only the article is available - KB2905325.

I would consider that as an Office2010 hotfix as it is directed
at users of Outlook2010

[ricktendo64]

Its for XP

[RicaNeaga]

Yeah, it's for xp.

Also, a newer rvkroots is out.

[user_hidden]

New hotfix for windows, right now only the article is available - KB2905325.

files in that hotfix were already replaced with newer versions on this past patch Tuesday by KB2898715 so it is NOT required !

have a good day .....

[user_hidden]

MRT 5.8.5803.0
version: 7BC20D37-A4C7-4B84-BA08-8EC32EBF781C

[ricktendo64]

Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443

[OnePiece Alb]

Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443

Thank you

Ciao.

[ltsnow]

Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443

Thanks rick, but how are we supposed to know what the hotfixes are for? The download page gives no information.

[OnePiece Alb]

but how are we supposed to know what the hotfixes are for? The download page gives no information.

Code: Select all

KB2832214 Replace KB2655992
KB2878379-v2 Replace KB969557

so see http://support.microsoft.com/kb/2655992 & http://support.microsoft.com/kb/969557

Ciao.

[ricktendo64]

Thanks rick, but how are we supposed to know what the hotfixes are for? The download page gives no information.

http://support.microsoft.com/kb/2878379

The other does not have a kb article