
Hotfix Hunting
New hotfixes for .net framework 3.0, 3.5 and 4.0 on windows xp. They look pretty important as they solve multiple issues.
http://support.microsoft.com/kb/2829259
http://support.microsoft.com/kb/2829534
http://support.microsoft.com/kb/2828843
http://support.microsoft.com/kb/2829259
http://support.microsoft.com/kb/2829534
http://support.microsoft.com/kb/2828843
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
Microsoft Security Bulletin Data
Overview
This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)
Overview
This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
Microsoft Security Advisory: Vulnerability in Internet Explorer 8 could allow remote code execution: May 8, 2013
KB2847140
KB2847140
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Thanks
then we think that microsoft monitors the update pack ????, because I highly doubt that some user has installed the KB2813347 in the real system with the command /b:RTMQFE and after went to report the problem to Microsoft, said this because Update.exe works in a perfect way, look before files are in the system and after only updates those files ehhh, is thus almost impossible to carry out that from a normal installation of KB2813347 the update.exe put by mistake the file qfe them ehhhhhh, I mean only in the Update Pack could see this problem
Ciao a tutti.
then we think that microsoft monitors the update pack ????, because I highly doubt that some user has installed the KB2813347 in the real system with the command /b:RTMQFE and after went to report the problem to Microsoft, said this because Update.exe works in a perfect way, look before files are in the system and after only updates those files ehhh, is thus almost impossible to carry out that from a normal installation of KB2813347 the update.exe put by mistake the file qfe them ehhhhhh, I mean only in the Update Pack could see this problem
Ciao a tutti.
It is possible, OnePiece, that somebody installed a previous update that was QFE-only, which would trigger the QFE branch in KB2813347-v1 and cause the known problem with mstscax.dll.mui. However, the excuse Microsoft gives in MS13-029 smells bad:

All existing binaries are identical between v1 and v2, including update.exe. The only significant change was the addition of mstscax.dll.mui to SP3QFE, which would not correct the problem Microsoft states. But my own testing shows that it does fix the problem we know.Microsoft wrote:Why was this bulletin revised on June 25, 2013?
[...] The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations.

Last edited by 5eraph on Wed Jun 26, 2013 6:15 am, edited 1 time in total.
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Hi 5eraph this is impossible http://www.ryanvm.net/forum/viewtopic.p ... 143#1321435eraph wrote:It is possible, OnePiece, that somebody installed a previous update that was QFE-only, which would trigger the QFE branch in KB2813347-v1 and cause the known problem with mstscax.dll.mui. However, the excuse Microsoft gives in MS13-029 smells bad:
Ciao.
It is possible.
When a user installs an update for which there is only a QFE branch, such as KB2785487, then only QFE files can be installed. If a later update is installed that supersedes the older one and contains both GDR and QFE branches, then the QFE files of the newer update will replace the older QFE files without the /B switch as Microsoft states below:
When a user installs an update for which there is only a QFE branch, such as KB2785487, then only QFE files can be installed. If a later update is installed that supersedes the older one and contains both GDR and QFE branches, then the QFE files of the newer update will replace the older QFE files without the /B switch as Microsoft states below:
Microsoft wrote:The following table summarizes how the default branch that you select changes installer behavior for various system states.
Package to install........................GDR (n)...............GDR (n-1)...............QFE (n)...............QFE (n-1)
GDR (n).....................................GDR(n) installed....GDR(n) installed......QFE(n) installed...QFE(n) installed
GDR (n) /b:cardinal point QFE......QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
GDR (n-1)..................................GDR(n) installed....GDR(n-1) installed...QFE(n) installed...QFE(n-1) installed
GDR (n-1) /b:cardinal point QFE...QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed
QFE (n)......................................QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
QFE (n) /b:cardinal point GDR......QFE(n) installed.....QFE(n) installed.......QFE(n) installed...QFE(n) installed
QFE (n-1)...................................QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed
QFE (n-1) /b:cardinal point GDR...QFE(n) installed.....QFE(n-1) installed....QFE(n) installed...QFE(n-1) installed
Warning The /b switch cannot be used to install the GDR branch of a package in the presence of an installed QFE package that contains overlapping binaries.
Notes [...]
- GDR version files are installed when one of the following conditions is true:
[...]
- The files on your computer are the original released versions (srv03_rtm.mmmmmm-nnnn or xpclient.mmmmmm-nnnn).
- The files on your computer are service pack versions (srv03_spx.mmmmmm-nnnn or xpspx.mmmmmm-nnnn).
- The files on your computer are GDR versions (srv03_gdr.mmmmmm-nnnn, xpsp_spx_gdr.mmmmmm-nnnn).
- Hotfix files are only installed when the files on your computer are hotfix versions (srv03_qfe.mmmmmm-nnnn, xpsp.mmmmmm-nnnn, or xpclnt_qfe.mmmmmm-nnnn) or depend on other hotfix version files.
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
I know5eraph wrote:It is possible.
When a user installs an update for which there is only a QFE branch, such as KB2785487, then only QFE files can be installed. If a later update is installed that supersedes the older one and contains both GDR and QFE branches, then the QFE files of the newer update will replace the older QFE files without the /B switch as Microsoft states below:

if you read carefully what I have said here
and also here (English is not the best but I think already understand idea)OnePiece Alb wrote:Thanks
then we think that microsoft monitors the update pack ????, because I highly doubt that some user has installed the KB2813347 in the real system with the command /b:RTMQFE and after went to report the problem to Microsoft, said this because Update.exe works in a perfect way, look before files are in the system and after only updates those files ehhh, is thus almost impossible to carry out that from a normal installation of KB2813347 the update.exe put by mistake the file qfe them ehhhhhh, I mean only in the Update Pack could see this problem
Ciao a tutti.
so the update base KB969084 is only GDR, is impossible that the update.exe install them QFE files, there has never been a BUG in KB2813347, because the update.exe not ever would install QFE files in a real system, the bug was only in UpdatePack where the files will be added manuallyOnePiece Alb wrote:5eraph wrote:Hi 5eraph this is impossible http://www.ryanvm.net/forum/viewtopic.p ... 143#132143OnePiece Alb wrote:Hi user_hidden, Thank You
Update Pack v6.8.0 is Ok, the bug is in the Update Pack v6.7.0 (April 10 2013 Releases, Italian user who first discovered the BUGhttp://www.eng2ita.net/forum/index.php/ ... l#msg61229 ), I do not think that will be released a new Update, is a case very unique\rare, microsoft seems that wrong with what hotfix, the point is that everything happens because it seems to put microsoft QFE update them by mistake, the hotfix basic is WindowsXP-KB969084-x86-ENU.exe (which the WindowsXP-KB2813347-x86-ENU.exe update partially) is only in GDR ehhhhh, in fact happens, if extract the WindowsXP-KB969084-x86-ENU.exe you will notice that we only inside the folder sp3gdr anything else (there are so hotfix but is really very very rare, say nearly one in 500, we just missed it, because if we remember the KB969084 we immediately noticed the error\mistake microsoft put them file QFE), in poor words is a error\mistake of microsoft, but also on our part there was a bit of oversight
how to say, however is really a very very rare case ehhhh
all this perhaps because the fate that it seems that microsoft decided by now that all the new official update will be fully oriented to QFE (if I'm not mistaken I've read in microsoft.com weks ago, but can not remember where now) however the fates that are the latest Update of Windows Server 2003 are now in QFE only, however for us, this does not create any kind of problem (is OK) Thanks RyanVM has always been decided\used in All Update Pack only the QFE, so for us does not change anything
Ciao.
Ciao.
Last edited by OnePiece Alb on Thu Jun 27, 2013 9:40 am, edited 1 time in total.
Yes, it would if a person that has never used an update pack installed a QFE update, at any point in time since installing KB969084, that replaced mstscax.dll with a QFE version. Then the QFE files from KB2813347 would be installed by default without the /B switch.OnePiece wrote:[...]because the update.exe not ever would install QFE files[...]
Last edited by 5eraph on Wed Jun 26, 2013 7:55 am, edited 1 time in total.
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Some may even delete System32\ntoskrnl.exe, but you know microsoft does not calculate or NOT Support certain things ehhhh5eraph wrote:Yes, it would if a person that has never used an update pack installed a QFE update, at any point in time since installing KB969084, that replaced mstscax.dll with a QFE version. Then the QFE files from KB2813347 would be installed by default without the /B switch.OnePiece wrote:[...]because the update.exe not ever would install QFE files[...]
Microsoft when it releases an update, it says here there are in web 1000 users that they have changed\edit and here we take precautions, No, Microsot only follows the official way, nothing else never calculates certain third-party modifications ehhhhhh
or said precisely that ehhh in all the above post (we return to the story of UpdatePacks ehhhhh) that was all the talk, maybe microsoft monitors UpdatePack, because he had no other way of knowing what BUG
Ciao.
Just because we don't know of a previous QFE fix for mstscax.dll doesn't mean one wasn't created. If such an update exists, then it would be possible for Microsoft to know of the problem without monitoring update pack discussions. It's also possible somebody that doesn't use an update pack reported the problem to Microsoft after using the /b switch on KB2813347-v1. The /b switch existed before any update pack.
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Hi 5eraph, back to the earlier remarks, there has never been officially no BUG, Update.exe works perfectly, does not exist (even those who have had the system Update Pack March 2013 or any previous version) that the WU-MU automatically them installed the WindowsXP-KB2813347-x86*.exe, or a user who has downloaded (from microsoft.com) and installed the WindowsXP-KB2813347-x86*.exe, and after having problems, does not exist, is there is only the problem in UpdatePack April 2013 Releases (which included, in the wrong way KB2813347) anything else
Microsoft officially on his part and has always been 1000% OK (do not even need, to make release KB2813347 v2, however there was a problem and they fixed it)
Ciao.
Microsoft officially on his part and has always been 1000% OK (do not even need, to make release KB2813347 v2, however there was a problem and they fixed it)
Ciao.
I'll agree that there is no obvious problem with update.exe. That is why I said Microsoft's excuse for rereleasing KB2813347 smelled bad. It doesn't fit with what they changed in the package.
What changed in the package fixed the problem we know about, as discussed in our respective forums. However, our forums are not the only way Microsoft could have known about the problem to fix it. It can be reproduced without an update pack by installing the v1 package using the following command line:
What changed in the package fixed the problem we know about, as discussed in our respective forums. However, our forums are not the only way Microsoft could have known about the problem to fix it. It can be reproduced without an update pack by installing the v1 package using the following command line:
Code: Select all
WindowsXP-KB2813347-x86-ENU.exe /b:SP3QFE
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Microsoft have made a mistake but thanks to update.exe that works perfectly OK, was already all OK, so their mistake covered\repaired by update.exe
what I said above, the possibility that a user runs or install the WindowsXP-KB2813347-x86-ENU.exe /b:SP3QFE are 1 in 1000000 ehhhh
we know very well that the update before they appear online are tested for more than 1-2 months (those of the IE sometimes even 3-4 months) and if they had their fate tests, looked at the problem before releasing the WindowsXP-KB2813347-x86*.exe ehhh
Ciao.
what I said above, the possibility that a user runs or install the WindowsXP-KB2813347-x86-ENU.exe /b:SP3QFE are 1 in 1000000 ehhhh
we know very well that the update before they appear online are tested for more than 1-2 months (those of the IE sometimes even 3-4 months) and if they had their fate tests, looked at the problem before releasing the WindowsXP-KB2813347-x86*.exe ehhh
Ciao.
Last edited by OnePiece Alb on Wed Jun 26, 2013 2:46 pm, edited 1 time in total.
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
The most likely and that UpdatePack sometimes is also used in the work PC ehhhh, maybe one of those had problems and after they asked the microsoft support
however in a manner of speaking a test fate by someone like us who do not to do all day and going to break the PC ehhh, that is when 100000 test fates in work PC, where no one touches anything, and so they always all OK ehhhh
exactly as in this case, if we did not do that mistake, it came out the problem in KB2813347, so very possible and logical that Microsoft is very interested in collecting data from certain community, that help 100000 times more that the data collected from the test in work PC or another (for reasons known before)
Ciao.
however in a manner of speaking a test fate by someone like us who do not to do all day and going to break the PC ehhh, that is when 100000 test fates in work PC, where no one touches anything, and so they always all OK ehhhh
exactly as in this case, if we did not do that mistake, it came out the problem in KB2813347, so very possible and logical that Microsoft is very interested in collecting data from certain community, that help 100000 times more that the data collected from the test in work PC or another (for reasons known before)
Ciao.
Are you all aware that KB2498072, despite the KB article saying (in the "Applies to" section) it applies only to WES 2009, is a Win XP Hotfix. too, and it'll install as downloaded, because there's no IsWinEmbedded condition in the .inf? Sorry if I'm stating a widely known fact, I found it out 5 days ago, by chance, while investigating which known WES 2009 hotfixes and updates may be of interest to Win XP SP3 users...
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
Its 4 Spanish XP
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
Heads up with KB2834886, I have not yet confirmed but aparently WU is complaining about KB2659262
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
yes MU complains so when I released my pack I left the reg entries from 2659262. another MS snafu as usual !ricktendo64 wrote:Heads up with KB2834886, I have not yet confirmed but aparently WU is complaining about KB2659262
KB981792, despite the KB article saying (in the "Applies to" section) it applies only to WES 2009, is a Win XP Hotfix, too, but it'll not install as downloaded, because there's a IsWinEmbedded condition in the .inf... Repackaging after removing that condition is required to create a Win XP hotfix, but the files then install correctly and work flawlessly (I've installed it about one month ago, and found no issue up to now). That's one more WES 2009 hotfix/update that may be of interest to Win XP SP3 users...
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
-
- Posts: 491
- Joined: Tue Aug 09, 2011 12:12 pm
- Location: https://twilczynski.com/windows
- Contact:
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
I would consider that as an Office2010 hotfix as it is directedRicaNeaga wrote:New hotfix for windows, right now only the article is available - KB2905325.
at users of Outlook2010
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
RicaNeaga wrote:New hotfix for windows, right now only the article is available - KB2905325.
files in that hotfix were already replaced with newer versions on this past patch Tuesday by KB2898715 so it is NOT required !
have a good day .....
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
Thank youricktendo64 wrote:Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443
Ciao.
Thanks rick, but how are we supposed to know what the hotfixes are for? The download page gives no information.ricktendo64 wrote:Found by komm
KB2832214 schannel.dll v5.1.2600.6370
KB2878379-v2 dpcdll.dll, licdll.dll, winlogon.exe v5.1.2600.6443
- OnePiece Alb
- Posts: 525
- Joined: Sat Sep 01, 2007 7:01 pm
- Location: Albania
- Contact:
ltsnow wrote: but how are we supposed to know what the hotfixes are for? The download page gives no information.
Code: Select all
KB2832214 Replace KB2655992
KB2878379-v2 Replace KB969557
Ciao.
- ricktendo64
- Posts: 3213
- Joined: Mon May 22, 2006 12:27 am
- Location: Honduras
http://support.microsoft.com/kb/2878379ltsnow wrote:Thanks rick, but how are we supposed to know what the hotfixes are for? The download page gives no information.
The other does not have a kb article