Mathwiz

Not so fast. That's an old patch from 2010. M$ just re-released it; that's all. Also, it doesn't appear related to the RDP vulnerability ostensibly closed by the 3rd-party patch. M$ has updated the MSRT, though: https://www.askwoody.com/2017/the-new-xp-patch-kb-982316-is-a-dud-but-the-new-msrt-is-for-real/

Hmm.... I was willing to take a chance, but the web page for the download wouldn't work with Firefox 52.1.2, or IE 8. Had to use IE 11 on a Win 7 machine just to get the Web page to work. I guess if you really are running XP or 2003 you're screwed (unless the page works with Chrome 49). Then they ask for first & last name, COMPANY name, JOB TITLE, BUSINESS email, phone number, country, and (if you select US) state. Seems it's not available to individual XP users! Yet the Terms & Conditions state you get a "personal" license to use the patch. Still trying to decide whether to take the plunge on this one.

Go ahead. I don't know of any reason not to update Windows Installer to v4.5.

So, how do you check your version of the Malware Protection Engine? Here's how: Open MSE Near the upper-right corner of the window, click the down-arrow to the right of "Help." A menu will drop down Click "About" in the menu In the About dialog, the "Engine version" should be 1.1.13704.0 (or later)

Thanks! That worked. As it happens, I don't have Word 2007 installed so I didn't need that last one. It's a bit annoying to have to install several updates manually, or else let it run overnight, each time new updates appear, but eventually everything does seem to finally work.

Well, I keep getting stuck in the dreaded "svchost.exe at 99% CPU." Even tried downloading and installing the cumulative IE8 fixes manually. They installed OK but it didn't help. Guess I'll just have to let it run overnight again

I wasn't even aware of that one! When I tried it, it told me "you need to update your browser" just like the shortcut in the Start menu. The URL is probably stored in the registry somewhere but I don't even know what to search for. Microsoft seeded XP/IE8 with so many "Windows Update" shortcuts it's hard to keep track! There's also one in the start menu (that now says "you need to update your browser") and one in the Favorites bar, under "Microsoft," that goes to the Windows 10 page. The one in the Start menu can't be changed but it can be deleted. I deleted the start menu one and changed the one in Favorites / Microsoft. There's also "Microsoft Update" in the start menu; that's what I normally use. It still works so I kept it.

On my XP setup, the Windows Update in the IE8 toolbar is merely an Internet shortcut in the "C:\Documents and Settings\XPMUser\Favorites\Links\Microsoft" directory. Open that directory and you should be able to right-click it, click "Properties," and change the URL. The default is http://windows.microsoft.com/isapi/redir.dll?prd=windowsupdate&clcid=&pver=&ar=WindowsUpdate ... which, when I click it, gives me a Windows 10 page But just change it to the appropriate link above and it should start working again.

Well that explains why I didn't have KB3011780. I had the successor update KB3161561, so it wasn't needed. Obviously it's best to have the latest versions of these updates, listed in heinoganda's post. But you should be protected from the named exploits as long as you have either the original updates or any of their successors.

Microsoft posted this to their Technet blog: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/ It lists exploits known to be used by the NSA in the US, and probably by hackers everywhere; but it's not particularly clear about which updates you need. So I compiled a list for XP: KB958644 (for MS08-067) KB2347290 (for MS10-061) KB3011780 (for MS14-068) KB4012598 (for MS17-010, CVE-2017-0146, and CVE-2017-0147) MS09-050 appears to affect only Windows Server versions, so no update is needed for XP. The other four are available via Windows Update and the Update Catalog. The last two were after XP EOL but the fixes are available for POSReady '09. Checking my own system, I found I had all updates needed except KB3011780 for some reason. So I downloaded that one via the Windows Update Catalog and installed it manually.

OK; I see what it does. It makes .jpeg's smaller. I don't think it will make them render more quickly though; at least, probably not enough to notice. I think the idea is to reduce the amount of time it takes to transfer .jpeg's from a Web server to your PC. So it probably only speeds things up if you run a Web server. It may also help free up space on your HDD, if you have a lot of huge .jpeg's on it.

For Rename, I usually just slow-double-click the file name, which eliminates the chance of accidentally clicking Delete, but I too would like to know if the context menu could be changed. I suppose you could add your own Delete to HKCR/*/Shell, but you'd still need to remove the system-provided Delete. From a UI standpoint it didn't make sense for Microsoft to put a destructive operation between two non-destructive ones (Create Shortcut and Rename). Even with confirmation, there's too much chance of deleting something unintended.

If the PosReady key isn't there under the WPA key, right-click the WPA key, select New / Key, and name it PosReady. Then click the PosReady key. There should be a value named "Installed" on the right. If it's not there, right-click on PosReady, select New / DWORD Value, and name it Installed. Set its value to 1 (0x00000001 in hex).

I tried lowering the priority of svchost.exe with task manager but it wouldn't let me. You're right, it'd make it take even longer to run, but at least it wouldn't slow down everything else as much. Oh, well; I don't need to worry about it again until next month.

I think the big deal isn't so much that it takes so long; it's that it hogs the CPU the whole time. You'd think at least they could put the misbehaving svchost.exe task at a below-normal priority.

Yes, it is listed in Add/Remove Programs. Thanks. I just installed the Flash update and let the WU scan run overnight, and when I came in this AM I had a dozen updates waiting. (Some were for Office.) I installed them all and the WU scan runs fine now. I guess it must have needed another update besides the IE8 one to fix it this month.

Thanks. That's what usually works if you've gone a few months without updates. Unfortunately it didn't work for me this time. After downloading, installing, rebooting, and re-enabling Windows Update, it went back to svchost.exe using 99% again And "review your update history" didn't even show 4012204 as being installed So I guess I'll just have to wait it out....

As of today I still see no updates for either Win 7 or POSReady 09. So just for the heck of it, I went to Windows Update with IE 8 and checked for new updates - and now I'm stuck waiting on the svchost.exe using 99% CPU bug! And it probably won't find anything anyway. Exasperating.

Besaglio gave us the link a few posts ago (this is for the regular version though): Like yours, my FF 45 ESR claimed to be up-to-date. I had to download & install the upgrade manually

If using Firefox, search for the CanvasBlocker add-on. It will block or defeat canvas fingerprinting. Edit: Looks like Sampei.Nihira already has CanvasBlocker Edit 2: Well, that was a bust. Cert. Updater is failing for me with this: Open SrcStore failed => 0x80092003 A search turns up: 0x80092003 = CRYPT_E_FILE_ERROR = An error occurred while reading or writing to the file. Something must have had the cert. stores in use. I closed Excel and Windows Live Mail and tried again, and it worked. But I only got an updated ROOTS.SST

Make sure you don't have any of these keys either: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded (you said you removed this one already) HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES And make sure you've installed version 4.5 of the Windows Installer.

I thought this thread was dead, but today, 2/14, I saw our old friend KB2952664 reappear in my update list. I guess it's been reissued? I hid it again, but it makes me wonder if M$ is going to make another push to get Win 7/8.1 users to upgrade to Win 10.

I don't see any Win 7 updates today either, so it might be for all - or at least for more than just the POSReady systems.

While you're there, scroll down a little further and make sure you have TLS 1.0 enabled (and preferably, SSL 2.0 and 3.0 disabled).

That error dialog does not look like a root certificate issue to me. If it were, I'd expect the warning flag on the first line, not the third. To me it looks like a problem with the server configuration. That said, it could be that XP isn't handling new certificate extensions, so it thinks the certificate is invalid for the site even though it actually isn't. Have you downloaded the latest IE 6 updates? (You may need the POSReady '09 hack for this.) BTW, if at some point you want to upgrade from OE 6, I'd recommend Windows Live Mail. It's much more like OE 6 than the Outlook from MS Office, and it will import all your OE 6 mail and contacts. The 2009 version runs on XP, but you'll need the offline installer.