Mathwiz

Regarding the title of this thread, something just occurred to me: once you've installed all the updates you intend to, now would be a good time to make a full system backup. That way, if you ever need to restore, you'll be able to restore a fully-patched system and not have to worry about whether Windows Update still works for XP.

The add-on's options dialog has a warning that can be ignored: Of course, that warning actually applies only to Firefox, which no longer runs the add-on as of FF 57. "Serpent" add-on technology is not "modernizing;" that was the whole point of forking the browser in the first place! So go ahead and enable the "Save Page In Archive" option; there's nothing to fear.

Here's a link to the MAFF/MHTML add-on for FF 52: http://maf.mozdev.org/installation.html. Click "final version" to download and install. "Previous versions" link appears broken, but previous versions are available via the Classic Add-ons Archive (which is itself an add-on!) Should work on all UXP and Moebius browsers (FF 52.x/PM/NM/Basilisk/Serpent). You can then set your FF-family browser as the default for opening .mht[ml] files as above. If you use the IE Tab 2 extension, make sure to delete the rule that causes .mht[ml] files to open in an IE tab; otherwise they'll still be opened with IE and still be vulnerable to the exploit! Edit: Alternatively, I believe Opera 12.18 will open .mht[ml] files. Not sure about later, Chromium-based versions of Opera.

I'm going to go out on a limb and guess that it's the same mistake they made with XP Embedded. If so, simply typing regsvr32 msi.dll would fix it.

Well 60 ESR is quite a bit further along than 53 and uses FF's Quantum rendering engine. (In fact, AIUI that's why Mozilla delayed the ESR releases from 59 to 60 this time around; they didn't want another pre-Quantum ESR to maintain.) I'm sure with enough time and effort anything is possible, but it would be much harder to backport anything using Quantum to XP, even if it's "just" an email client. Is there anything in particular you're looking to get from Thunderbird 60 ESR?

Asked and answered:

Sorry; my post was supposed to be in response to this I didn't see the updates today that he did.

For me it did. I couldn't install the other (good) Office 2010 update until I removed it.

Not seeing anything new here

Since M$ screwed up KB4494528, I decided to check what it's supposed to do: OK, haven't run in to that one, but now I'm wondering... what did KB4486464 do? Geez - can't M$ even manage to put all the relevant info into one Web page? CVE-2019-0636 is: Is the "specially crafted application" called notepad.exe, by any chance? M$ rates it as "important" but that "vulnerability" doesn't sound too serious to me.... KB4486464 was part of February's Patch Tuesday. Perhaps we should remove that one too?

I got the same message. I think the "server" it's referring to is the Windows Installer service, broken by KB4494528. Pretty sneaky of M$ to give us an update that breaks Office 2010 along with another update that breaks the ability to uninstall the first update. Edit: on the very last Patch Tuesday, no less!

I do find the PC security center pretty useless. Mostly it just (incorrectly) reports that Windows Firewall isn't turned on, or that I have no AV software enabled, for a few minutes during boot-up. As for automatic updates, I still need them for Office 2010, but have long had mine set to "Notify me but don't automatically download or install them." Seems like a reasonable compromise: when the rare update appears, I get the yellow shield, then I click on it and see what's available. Then if I want it, I just download & install it via Microsoft Update; if not, I hide it and the yellow shield goes away.

Well, now there is a replacement (KB4462223), but it doesn't work on XP either: So I'd say, sadly, no; we'll never see a fix for MSO.DLL that runs on XP. Many of the previous updates to MSO.DLL had to do with the Japanese calendar, so they weren't a big deal unless you live in Japan or do business with folks there; but this latest broken update "resolves a remote code execution vulnerability ... when Microsoft Office does not correctly handle certain files. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0801." Luckily, it doesn't sound like the vulnerability is particularly easy to exploit: Since we can't patch the vulnerability, XP users just need to be wary of downloaded Excel or PowerPoint files. I would hope your favorite antivirus or anti-exploit software gets a definition update to check for the new exploit.

That explains this: I made the mistake of installing POSReady updates first, then trying to install Office updates. As a result, my installer was broken. Removed & hid 4494528, and 4464520 installed straight away.

Two new Office 2010 updates today. 4462223 replaces previously released security update 4462174. Naturally it updates MSO.DLL so I was suspicious and didn't install it. 4464520 "resolves a remote code execution vulnerability that exists when the Microsoft Office Access Connectivity Engine incorrectly handles objects in memory," according to M$. However, I couldn't install it via Microsoft Update. Now trying a manual download & install; stay tuned.... Edit: Manual install failed also. The update seems to be failing when trying to access a Microsoft server

Well, I thought we'd seen the last of this, but I just hit the svchost.exe at 99% bug again. Guess I'll have to download & install the IE8 cumulative update manually, just like the old days Edit: Sure enough, that fixed it; as soon as I installed it and rebooted, I got offered the other 13, plus a couple of Office 2010 updates. @Dave-H, have you taken a look at today's Office 2010 updates yet?

I think it's less a matter of updates than of software. You can put an XP system behind an external firewall and make it very tough for a hacker to compromise, but if Web sites start using ECMAScript 2018/2019 features in their JavaScript and there isn't a compatible Web browser that runs on XP, then it'll be game over for a lot of folks. That's what eventually killed Win 98 for most intents and purposes. There have also been a lot of non-browser software packages that have stopped supporting XP in the last several months. PotPlayer was the most recent example. But that doesn't drive obsolescence the way the Web does. Older versions of other software don't gradually stop working over time the way Web browsers do.

Found a problem (don't know if I'd call it a bug, but it's a problem for me): the installer uses wget, and wget doesn't use system proxy settings. As a result, downloads fail on my work PC and I just get an empty folder. (Of course I can download the "old-fashioned" way just fine, since my browsers do use system proxy settings.) Luckily there's a simple workaround, by setting some environment variables. The following batch file does the trick for me: set http_proxy=http://127.0.0.1:8079 set https_proxy=http://127.0.0.1:8079 "Roytam Browser Installer.exe" Of course, others will need to change the http/s_proxy settings according to their own needs. (Actually I think the installer just uses http, so the set https_proxy line probably isn't needed; but just in case....) HTH

Whew - 230 MB? No thanks. I'll just stick with PotPlayer Mini. Too bad you can't just install Korean without also installing Chinese & Japanese.

It wouldn't surprise me if Primetime requires considerably more CPU horsepower than the built-in ffvpx decoder. If so, ffvpx would be the preferred choice unless you're having issues with it.

Very unusual to support Vista but not XP. Most developers just drop both at once and jump to Win 7. My guess would be that they started using Windows Media Foundation, which was introduced in Vista. The funny thing is, if you open the installer .exe with 7-Zip, there's even a PotPlayerXP.exe packed within the installer! Which doesn't crash, but looks like this:

Advanced Chrome does the same thing: about page claims copyright 2019. I'm not seeing any Internet access when the about page is accessed, so I guess it isn't downloading it. Must be just plugging the current year. I'd guess they were assuming that no one would remain on an outdated browser for three years Rest assured, the "true" copyright date is 2016, regardless of what that page claims....

I would guess that portions of the about page are downloaded, and that the copyright notice reflects the copyright date of that downloaded content. Which is misleading, of course. But since copyrights last 95 (!) years anyway ("thanks" Disney!), it's not as if the difference between 2016 and 2019 matters much.

Strangely, on one of my PC's, those prefs were already present and defaulted to 2. Also the one I mentioned, media.gmp-eme-adobe.visible, was already present and defaulted to true. So all I had to do on that PC was update Serpent/Moebius and Primetime automagically appeared. Edit: Scratch that. I had downloaded the wrong update! Turns out Serpent/UXP has all three prefs set by default; thus you wouldn't ordinarily have them as user prefs. That explains why, when you migrate your user prefs to Serpent/Moebius, they aren't set and need to be set after migration. (BTW, this is one of the advantages of an installer. Makes it easier to download the correct version into the correct directory.) A while ago there were some reports of problems with the built-in decoder. IIRC the biggest problem was distorted audio. Sometimes a simple user-agent spoof would fix it by causing the site to use a different codec, so Primetime wasn't always needed. @roytam1 has been good about keeping the built-in media libraries up-to-date on Moebius, so maybe that audio issue has passed.

ICYMI: IOW, with his latest updates to Serpent/Moebius, you can now install the Adobe Primetime CDM and use it for HTML5 video, instead of Serpent's built-in support. You may want to try this if you run into issues with the built-in support, such as distorted audio. If you "cheated" like I did and copied your Serpent/UXP profile over to Serpent/Moebius, and had Primetime installed on UXP, you're probably 90% of the way home. All you need to do is recreate the media.gmp-eme-adobe.visible boolean pref and set it to true. Primetime should appear in about:addons since the other prefs from your UXP install should still be there. Of course, if it doesn't work, check all the prefs mentioned in the Primetime thread. As with UXP, you'll need to set media.ffvpx.enabled to false to force Moebius to use Primetime for HTML5; otherwise Moebius will use its built-in support by default.