Usher

KB4507704 is still available for Windows 7. I downloaded it yesterday. It's in *.msu file so it should be repacked to use in Windows XP. It looks like there is only update for time zones and their names in all available language packs (plus manifests, certificates, hashes and other bureaucracy).

Do you need update for time zones only or anything else? I can save registry entry for time zones from Windows 7 and share it…

Unfortunately, I can't find KB numbers, only dates and info about Windows Server 2003. I suspect there might be updates for 32-bit version there. On the list you have linked above there are only two strictly related updates: KB4018271 for IE8 x64 and KB948963 for AES. Update for IE is too old to contain properly working TLS 1.1/1.2 implementation (latest fixes were in KB4483187 in December 2018, EDIT: and possibly in cumulative update KB4493435 for IE8 in April 2019), and there is no update for SHA hashes and TLS 1.1/1.2 themselves (they were in KB4019276 for XP 32-bit, released after KB4018271 for IE8 64-bit). Of course, if I find any new info, I will post it here…

AFAIK, you should search for Windows Server 2003 x64 updates.

I suspect that you are asking in the wrong topic. It looks like you have missed updates for certificates (rootsupd, rvkroots) and possibly some other updates described as optional (f.e. timezones). It's really hard to guess with so many updates…

It's not a problem with DSL, I'm afraid, it's about email. In shortest words, if you don't use any proxy or antivirus scanning email messages, use following settings for email: Turn off all SSL versions, turn on all TLS versions in Internet Options (TLS 1.1 and 1.2 are unchecked by default during update) Check (turn on) secure connection for all email accounts in Outlook Express and set proper connection ports: SMTP: secure connection, port 587 POP3: secure connection, port 995 IMAP: secure connection, port 993 Some mail servers may still work with port 465 for secure SMTP connections, but port 587 is a current standard. If any account is unavailable at all in Outlook Express, open webmail for that account in Firefox and check security/encryption properties for that connection. For example, for msfn.org forum you can see the following info in technical details: Encrypted connection (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256-byte keys, TLS 1.2) Acronyms starting with EC are for ECC unsupported by Windows XP, see ECDHE above. Note, that: Encryption details are negotiated starting from the strongest protocols, so OE may work for some account even if Firefox negotiates ECC use in this case. Some email servers (for example Gmail) allow to use weaker protocols for email clients if you change settings in webmail. If you need more info, search for other, more adequate topics.

I'm not sure about TLS 1.3 support with this proxy and I don't remember which crypto libs it uses, so I didn't mention it. Could you provide these details, please?

Starting from January 2018, TLS is a recommended standard for email, see RFC 8314. There were some updates and multiple fixes for encryption, cryptography and other security issues in Windows POSREady 2009 added in 2015-2018. The most important are: Added support for AES-128 and AES-256 encryption (2015+) Added support for SHA-2 (SHA256, SHA384, SHA512) hashes (2017+) Added support for TLS 1.1/1.2 (2017+) However, there is missing support for TLS extensions and TLS 1.3 (standard since August 2018): If the server side uses extension for Server Name Indication (SNI, 2003+), you can ignore warnings that the certificate is issued for another domain. SNI was added to Vista. If the server side uses Elliptic Curve Cryptography (ECC, 2006+) for digital signing in certificate, you can do NOTHING. Windows XP libs cannot verify such a certificate and cannot connect to the server. There are some programs which use either updated OpenSSL libs or Gecko-based engine and can properly work with TLS 1.3 and TLS extensions. For example, Eudora OSE is a fork of Thunderbird so it uses Gecko engine, but it is outdated (2010), so it may not work properly with TLS 1.3 or extensions for TLS 1.2 updated in 2011.

Newer Firefox versions have more advanced JavaScript engine and JS code for that engine won't run in older Gecko based browsers. If you change User-Agent you should always delete the browser cache to reload proper code.

What User-Agent is set in your Serpent browser? For me Firefox 52 in XP works with adblock turned off and User-Agent for Windows 7: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

Maybe it's caused by some third party antivirus or security suite?

AFAIK it's been already fixed. I didn't notice it, maybe anyone else could confirm fix?

That's true. In general you will get only notifications about MSRT. MSSE, .Net Framework. MS Office and other non-system updates. However, there have been some extra security updates for Windows XP, so you should expect that some extra updates for Windows 7 will be notified by system WU client in the future.

It's another wording, typical for marketing mumbo-jumbo. AFAIR they haven't changed any word (only KB number and date) in comparison with previous updates (probably didn't even think about it). Final rollup should also have final QFE rollup, it's been just longer delay this time. Now you don't have automatic updates only (with exception for MSRT and MSSE). New updates are still available from Microsoft Update Catalog. I have installed 2 main updates issued for 2020-02: monthly rollup KB4537820 and cumulative update for IE11 KB4537767. No complaints, no problems so far.

Preview rollups for Windows 7 were offered almost every month, usually a few day later than regular updates. They contain the same updates as regular rollups, but some files have QFE patches. In Windows XP regular updates and QFE patches were provided in a single installer file.