Usher

Is this Windows installation tweaked in any way? Did you install MSI 4.5 (WindowsXP-KB942288-v3-x86.exe)?

The files contain only certificates with different timestamps, there is no specific metadata with global timestamp inside. The updater always shows timestamps taken from the server. If you re-upload any old file, it will have a new timestamp.

The last (third) screenshot is new, see the date 8/3/2020 (August 3).

That's not true. There are two unchanged files: roots.sst is the same as it was 2 years ago, dated 2018-04-18; disallowedcert.sst is the same as it was a year ago, dated 2019-08-13. They were just freshly copied to that download server, other servers may still keep old copies.

How do you want to do it? You can't change any WU client file - they must have valid digital signatures.

@max-h I mean function available as a shell extension. Right click the cab file in Windows Explorer, then select its properies from the context menu and you will understand…

Signature checking function provided in Windows XP works only for files less than 512 MiB.

Wrong address. It's here (HTTP, not HTTPS): http://www.update.microsoft.com/microsoftupdate/v6/default.aspx Edit: I can connect to WU, but there's error 0x80244019 when trying to search for updates.

Well, finally I understood what MS did to KB4507704 for Windows XP Embedded. It's an update by downgrade described using corporate newspeak ;-) You should just read list of updates here: https://support.microsoft.com/en-us/help/914387/how-to-configure-daylight-saving-time-for-microsoft-windows-os in reverse order: 1. Go to May 2019 update - it's KB4501226 described here: https://support.microsoft.com/en-us/help/4501226/dst-changes-in-windows-for-morocco-and-palestinian-authority As you should know, there was an update for Windows XP Embedded, but now it's removed. Explanation is in the newer update so… 2. Go up to July 2019 update - it's KB4507704 with note "This update was revised on August 13, 2019, to apply to Windows Embedded POSReady 2009" and explanation about fix for Morocco: "The base time for the "Morocco Standard Time" time zone in Windows did not update correctly to UTC+01:00 as expected in the Windows DST update that was installed on May 21, 2019 (KB 4501226). Instead, the system clock shows an incorrect base time of UTC+02:00. This update resets the base time to UTC+01:00." Now what was revised: Some stupid person mistakenly counted KB4507704 as a fix only for Morocco, related strictly to broken change for Morocco in KB4501226 and ignored other changes (for Brazil and Palestina). So when Ramadan in 2019 was ended, they removed both updates for Windows XP Embedded – the broken one and the fix – and they called it "Update revised for Windows Embedded POSReady 2009". Conclusion: Don't install KB4501226 and fix for KB4507704, prepare fix for KB4557900 (May 2020 update) – again for Morocco… (and other changes).

KB4507704 is still available for Windows 7. I downloaded it yesterday. It's in *.msu file so it should be repacked to use in Windows XP. It looks like there is only update for time zones and their names in all available language packs (plus manifests, certificates, hashes and other bureaucracy).

Do you need update for time zones only or anything else? I can save registry entry for time zones from Windows 7 and share it…

Unfortunately, I can't find KB numbers, only dates and info about Windows Server 2003. I suspect there might be updates for 32-bit version there. On the list you have linked above there are only two strictly related updates: KB4018271 for IE8 x64 and KB948963 for AES. Update for IE is too old to contain properly working TLS 1.1/1.2 implementation (latest fixes were in KB4483187 in December 2018, EDIT: and possibly in cumulative update KB4493435 for IE8 in April 2019), and there is no update for SHA hashes and TLS 1.1/1.2 themselves (they were in KB4019276 for XP 32-bit, released after KB4018271 for IE8 64-bit). Of course, if I find any new info, I will post it here…

AFAIK, you should search for Windows Server 2003 x64 updates.

I suspect that you are asking in the wrong topic. It looks like you have missed updates for certificates (rootsupd, rvkroots) and possibly some other updates described as optional (f.e. timezones). It's really hard to guess with so many updates…

It's not a problem with DSL, I'm afraid, it's about email. In shortest words, if you don't use any proxy or antivirus scanning email messages, use following settings for email: Turn off all SSL versions, turn on all TLS versions in Internet Options (TLS 1.1 and 1.2 are unchecked by default during update) Check (turn on) secure connection for all email accounts in Outlook Express and set proper connection ports: SMTP: secure connection, port 587 POP3: secure connection, port 995 IMAP: secure connection, port 993 Some mail servers may still work with port 465 for secure SMTP connections, but port 587 is a current standard. If any account is unavailable at all in Outlook Express, open webmail for that account in Firefox and check security/encryption properties for that connection. For example, for msfn.org forum you can see the following info in technical details: Encrypted connection (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256-byte keys, TLS 1.2) Acronyms starting with EC are for ECC unsupported by Windows XP, see ECDHE above. Note, that: Encryption details are negotiated starting from the strongest protocols, so OE may work for some account even if Firefox negotiates ECC use in this case. Some email servers (for example Gmail) allow to use weaker protocols for email clients if you change settings in webmail. If you need more info, search for other, more adequate topics.