Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security updates for Vista after end of support - Windows Server 2008 patches


  • Please log in to reply
116 replies to this topic

#76 lmacri

lmacri

  • Members
  • 467 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:08:06 AM

Posted 19 October 2017 - 07:36 AM

....If you go to https://askwoody.com/ms-defcon-system/ you will see Woody currently has his MS Patch Recommendation at MS-DEFCON 2 (i.e., Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it).

 

.... There is no header that indicates which patch is being rated.   I am guessing that it updates the rating after each new Patch Tuesday.  Is that right?

 

Hi KYKaren:

 

Woody Leonhard's MS Patch Recommendation at https://askwoody.com/ms-defcon-system/ changes throughout the month.  It was initially raised to MS-DEFCON-1 on 12-Oct-2017 (see his article MS-DEFCON 1: Patches failing at a phenomenal rate) and will be lowered to MS-DEFCON-3 or MS-DEFCON-4 later in the month when he feels it's safe for most users to go ahead and install the October 2017 Patch Tuesday updates.

This MS-DEFCON system is only meant to be a general guide for Windows 7, 8, 8.1 or 10 users that gives them a simple way to gauge the overall reliability of the Patch Tuesday updates. At the current MS-DEFCON-2, he still recommends that users go ahead and install individual security updates that patch vulnerabilities that are being actively exploited (e.g., like the 17-Oct-2017 KB4049179 security update for Adobe Flash for IE11 delivered via Windows Update for Win 8.x and 10 users).

-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.4.0 * NS Premium v22.11.0.41 * MB Premium v3.2.2 * MS Office 2003 Professional SP3


Edited by lmacri, 19 October 2017 - 07:42 AM.


BC AdBot (Login to Remove)

 


#77 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 19 October 2017 - 02:32 PM

 

I'm back. The op went ok, and I've recovered enough to be able to sit down for a while more or less comfortably. Time for updates.

 

 

These are October 2017 updates......

.....

DST changes: KB4023136. Originally released in May 2017, however it wasn't listed anywhere until I bumped into it on this list.

....

 

Hi Sardoc,

I find in the Microsoft Update Catalog that KB4023136 (May 24, 2017) has been replaced by KB4020322 (June 26, 2017)-- DST changes in Windows for Haiti and Morocco. :-)

 

 

Thank you for this one! I'll add it to next month's list, because for some reason I can't edit the post with October's patches. There must be some sort of time limit for editing posts unfortunately.



#78 VolumeZ

VolumeZ

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 20 October 2017 - 07:23 PM

 

OK, VZ, RE: 4042007 and 4042050  --  what's your advice??  Both?  Only one?  If only one, which one?  KYKaren

 

 

Both. None has a replacing effect on the other.  :)



#79 level2

level2

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mountains of California
  • Local time:05:06 AM

Posted 31 October 2017 - 10:58 AM

Greetings, Glad to have found this thread~thank you for providing such information``` I'll look this computer over to see if I can apply these updates and the information provided to this machine with the ability I have```

 

Richard



#80 KYKaren

KYKaren

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 06 November 2017 - 10:58 AM

I'm still in morning, since October 19.  My Vista x86 mostly expired then.  The display is dark, although I can hear the signal to login and I can network to it from my Windows 7.  This happened in stages ... little by little the display got worse.  I don't think it's was due to a virus. At the outset, I was able to do a Malwarebytes complete scan and no infection was reported. I kept up with WS2008 patches April through September and was about to install the October patches.  Fortunately, I had everything backed up, so I have lost no files.  I loved that Vista machine and I will miss it immensely.


Edited by KYKaren, 06 November 2017 - 10:59 AM.


#81 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 20 November 2017 - 11:38 AM

Welcome again to our monthly list of updates. This is November 2017 batch. This month, among other things, there's a patch fixing "Unexpected error from external database driver" bug, which was introduced in October 2017 JET Database Engine and would appear when opening .xls files in Excel. As you'd expect from Microsoft, this patch was not listed on Security update deployment information sheet for November 2017, so I had to dig somewhere else.

 

We also have a re-release of August 2017 update that introduces TLS 1.1 and 1.2 support. It is a new file, different to August one, so there must have been some modifications. I don't know what exactly, as the knowledge base article has not been updated since August, unfortunately.

 

Anyway. Without further ado, here's the list.

 

 

 

DST changes (originally released in June 2017, thanks to KYKaren for digging this one out and reporting!): KB4020322. As usual, make sure the operating system version says "Windows Server 2008" WITHOUT R2, as 2008 R2 is a different system based on Windows 7 codebase, not compatible with Vista. Also as usual choose the correct 32 bit or 64 bit version.

 

Windows Server 2008 security fixes:

KB4046184

KB4047211 (fixes a denial of service vulnerability in Windows Search)

KB4048968 (fixes a vulnerability in Windows EOT font engine)

KB4048970

KB4049164

KB4050795 (fixes a bug "Unexpected error from external database driver" introduced in October 2017 JET Database Engine patches)

 

TLS 1.1 and 1.2 support update (re-release):

KB4019276 (this update was originally released in August 2017, however it looks like a newer version of it is now available. The link to Microsoft Update catalog is the same, so to get the very latest version, you can sort the updates by date and choose the one from November 2017.)

 

Internet Explorer 9: KB4047206

 

.Net 2.0 (co-exists with version 4 without replacing it, recommended to install alongside anything newer): Nothing this month.

 

.Net 4.6 (install alongside version 2.0): KB4041778 (32 bit version link and 64 bit version link).

 

.Net 4.5 (ignore if you're using version 4.6, which supersedes 4.5): Doesn't look like there's anything new. There is KB4040977 - but it's exactly the same as October one. Same file, same checksums.

 

 

 

 

Everything installed correctly. Enjoy!



#82 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 24 December 2017 - 07:43 PM

Christmas is here. Hope everyone's enjoying, resting, having a good time and whatnot!

 

In other news, it looks like Microsoft has heard my nagging and decided to tidy up their Security Update Deployment Information page. The layout is a little bit prettier, which is always a good thing.

 

What better time to kick off December 2017 updates.

 

 

 

 

Windows Server 2008 security fixes:

KB4047170 (Windows Media Player information disclosure vulnerability bugfix),

KB4052303 (Routing and Remote Access Service vulnerability fix),

KB4053473.

It's interesting that not a single one of these required a restart.

 

DST changes:

KB4051956 (Northern Cyprus, Sudan, and Tonga).

 

Internet Explorer 9:

KB4052978.

 

.Net 2.0 (co-exists with version 4 without replacing it, recommended to install alongside anything newer): Nothing this month.

 

.Net 4.6 (install alongside version 2.0): KB4041778 (32 bit version link and 64 bit version link). Same number as last month, different file. Installs just fine.

 

.Net 4.5 (ignore if you're using version 4.6, which supersedes 4.5): Doesn't look like there's anything new. There is KB4040977 - but it's exactly the same as October and November one. Same file, same checksums. Makes me think Microsoft has abandoned this version, but will keep checking anyway.

 



#83 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 08 January 2018 - 04:11 PM

Just to let everyone know. I'll do the updates for January later on in the month. The reason is that the update that's supposed to mitigate Meltdown and Spectre attacks might cause blue screens on Windows 7 with certain AMD processors. I definitely know it's likely to cause a blue screen loop on Athlon 64 X2 processors.

 

I don't know how it'll affect WS2008 or if it's going to be released for that system at all, but I'd rather not risk it. Will wait until the update has been properly tested and any re-releases or further updates follow if necessary.



#84 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,570 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:06 AM

Posted 10 January 2018 - 11:29 PM

 

My operating system (OS) is not listed. When can I expect a fix to be released?

Addressing a hardware vulnerability with a software update presents significant challenges and mitigations for older operating systems and can require extensive architectural changes. We are continuing to work with affected chip manufacturers and investigating the best way to provide mitigations, which may be provided in a future update. Replacing older devices running these older operating systems should address the remaining risk along with updated antivirus software.

Note

 

Products currently out of both mainstream and extended support will not receive these OS updates. We recommend customers update to a supported OS version.

We will not be issuing updates for Windows Vista or Windows XP-based systems including WES 2009 and POSReady 2009.

 

 

Although Windows Vista and Windows XP-based systems are affected products, Microsoft is not issuing an update for them because the comprehensive architectural changes required would jeopardize system stability and cause application compatibility problems. We recommend that security-conscious customers upgrade to a newer supported operating system to keep pace with the changing security threat landscape and benefit from the more robust protections that newer operating systems provide.

https://support.microsoft.com/en-sg/help/4073757/protect-your-windows-devices-against-spectre-meltdown



#85 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 11 January 2018 - 04:47 PM

This whole thread is about applying WS2008 patches to Vista by taking advantage of identical codebase. The link you provided states very clearly that it's "coming" to WS2008 SP2, though it hasn't been released yet. It's just a matter of waiting for it, and then, as usual, trying to apply the same patch to Vista and seeing what happens.


Edited by Sardoc, 11 January 2018 - 04:47 PM.


#86 esrman

esrman

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 12 January 2018 - 04:51 AM

My vista has lost the msu file to install downloads.

 

Any clue as to how to reinstall it?

 

SFC/Scannow doesn`t replace it.

 

Howie


Edited by esrman, 12 January 2018 - 04:53 AM.


#87 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 12 January 2018 - 06:42 PM

Hello esrman,

 

What do you mean by "lost the msu file"?

 

Do you mean the file association ("open with...") or something else? I'll need a few more details please.



#88 esrman

esrman

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 12 January 2018 - 07:57 PM

Wthout the msu file one cannot install msu updates. Which it seems is most of them.

 

On my computer the msu file is nowhere on my puter.

 

I have no idea wherei t went,how it got deleted.

 

Its no longer listed in default programs.

 

Vista home premium

 

Howie



#89 Sardoc

Sardoc
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 12 January 2018 - 08:15 PM

Right... I think I get it. Try this link and see what happens.



#90 esrman

esrman

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 13 January 2018 - 12:30 AM

MSU is now  in the program associations selections.

 

I get an error when pening wusa.exe

 

 

installer encountered an error:0xc8000222

Howie






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users