Mathwiz

On my XP setup, the Windows Update in the IE8 toolbar is merely an Internet shortcut in the "C:\Documents and Settings\XPMUser\Favorites\Links\Microsoft" directory. Open that directory and you should be able to right-click it, click "Properties," and change the URL. The default is http://windows.microsoft.com/isapi/redir.dll?prd=windowsupdate&clcid=&pver=&ar=WindowsUpdate ... which, when I click it, gives me a Windows 10 page But just change it to the appropriate link above and it should start working again.

Well that explains why I didn't have KB3011780. I had the successor update KB3161561, so it wasn't needed. Obviously it's best to have the latest versions of these updates, listed in heinoganda's post. But you should be protected from the named exploits as long as you have either the original updates or any of their successors.

Microsoft posted this to their Technet blog: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/ It lists exploits known to be used by the NSA in the US, and probably by hackers everywhere; but it's not particularly clear about which updates you need. So I compiled a list for XP: KB958644 (for MS08-067) KB2347290 (for MS10-061) KB3011780 (for MS14-068) KB4012598 (for MS17-010, CVE-2017-0146, and CVE-2017-0147) MS09-050 appears to affect only Windows Server versions, so no update is needed for XP. The other four are available via Windows Update and the Update Catalog. The last two were after XP EOL but the fixes are available for POSReady '09. Checking my own system, I found I had all updates needed except KB3011780 for some reason. So I downloaded that one via the Windows Update Catalog and installed it manually.

OK; I see what it does. It makes .jpeg's smaller. I don't think it will make them render more quickly though; at least, probably not enough to notice. I think the idea is to reduce the amount of time it takes to transfer .jpeg's from a Web server to your PC. So it probably only speeds things up if you run a Web server. It may also help free up space on your HDD, if you have a lot of huge .jpeg's on it.

For Rename, I usually just slow-double-click the file name, which eliminates the chance of accidentally clicking Delete, but I too would like to know if the context menu could be changed. I suppose you could add your own Delete to HKCR/*/Shell, but you'd still need to remove the system-provided Delete. From a UI standpoint it didn't make sense for Microsoft to put a destructive operation between two non-destructive ones (Create Shortcut and Rename). Even with confirmation, there's too much chance of deleting something unintended.

If the PosReady key isn't there under the WPA key, right-click the WPA key, select New / Key, and name it PosReady. Then click the PosReady key. There should be a value named "Installed" on the right. If it's not there, right-click on PosReady, select New / DWORD Value, and name it Installed. Set its value to 1 (0x00000001 in hex).

I tried lowering the priority of svchost.exe with task manager but it wouldn't let me. You're right, it'd make it take even longer to run, but at least it wouldn't slow down everything else as much. Oh, well; I don't need to worry about it again until next month.

I think the big deal isn't so much that it takes so long; it's that it hogs the CPU the whole time. You'd think at least they could put the misbehaving svchost.exe task at a below-normal priority.

Yes, it is listed in Add/Remove Programs. Thanks. I just installed the Flash update and let the WU scan run overnight, and when I came in this AM I had a dozen updates waiting. (Some were for Office.) I installed them all and the WU scan runs fine now. I guess it must have needed another update besides the IE8 one to fix it this month.

Thanks. That's what usually works if you've gone a few months without updates. Unfortunately it didn't work for me this time. After downloading, installing, rebooting, and re-enabling Windows Update, it went back to svchost.exe using 99% again And "review your update history" didn't even show 4012204 as being installed So I guess I'll just have to wait it out....

As of today I still see no updates for either Win 7 or POSReady 09. So just for the heck of it, I went to Windows Update with IE 8 and checked for new updates - and now I'm stuck waiting on the svchost.exe using 99% CPU bug! And it probably won't find anything anyway. Exasperating.

Besaglio gave us the link a few posts ago (this is for the regular version though): Like yours, my FF 45 ESR claimed to be up-to-date. I had to download & install the upgrade manually

If using Firefox, search for the CanvasBlocker add-on. It will block or defeat canvas fingerprinting. Edit: Looks like Sampei.Nihira already has CanvasBlocker Edit 2: Well, that was a bust. Cert. Updater is failing for me with this: Open SrcStore failed => 0x80092003 A search turns up: 0x80092003 = CRYPT_E_FILE_ERROR = An error occurred while reading or writing to the file. Something must have had the cert. stores in use. I closed Excel and Windows Live Mail and tried again, and it worked. But I only got an updated ROOTS.SST

Make sure you don't have any of these keys either: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded (you said you removed this one already) HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES And make sure you've installed version 4.5 of the Windows Installer.

I thought this thread was dead, but today, 2/14, I saw our old friend KB2952664 reappear in my update list. I guess it's been reissued? I hid it again, but it makes me wonder if M$ is going to make another push to get Win 7/8.1 users to upgrade to Win 10.

I don't see any Win 7 updates today either, so it might be for all - or at least for more than just the POSReady systems.

While you're there, scroll down a little further and make sure you have TLS 1.0 enabled (and preferably, SSL 2.0 and 3.0 disabled).

That error dialog does not look like a root certificate issue to me. If it were, I'd expect the warning flag on the first line, not the third. To me it looks like a problem with the server configuration. That said, it could be that XP isn't handling new certificate extensions, so it thinks the certificate is invalid for the site even though it actually isn't. Have you downloaded the latest IE 6 updates? (You may need the POSReady '09 hack for this.) BTW, if at some point you want to upgrade from OE 6, I'd recommend Windows Live Mail. It's much more like OE 6 than the Outlook from MS Office, and it will import all your OE 6 mail and contacts. The 2009 version runs on XP, but you'll need the offline installer.

Cryptography 1.7.2 is new. A check with my hex editor shows that it has been updated to OpenSSL 1.0.2k. So it looks like your package is up-to-date after all!

OpenSSL version 1.0.2k has been released, which means there should be a new version of the Python cryptography package soon. The issues fixed in 1.0.2k are listed here. Luckily, nothing looks too serious to me, so folks using Heinoganda's packages (which include OpenSSL version 1.0.2j) probably don't need to worry about upgrading immediately.

I'm all for blocking known bad Web sites, and you can find a simple tool for doing so here: http://accs-net.com/hosts/DNSKong.html But bad sites aren't the only risk to your security online. These days, you could be compromised quite easily by a MITM attack from someone at your ISP. Blocking bad sites will do nothing to prevent that. And no one is trusting that "all" vulnerabilities have been found, by M$, OpenSSL, or anyone else. But "known" vulnerabilities should still be taken care of, especially when it can be done quickly and easily. If you're still using IE 8, I'd put installing the POSReady '09 fixes for it, followed by disabling known-to-be-weak cryptography via the registry, in that category. These are not mutually exclusive ideas. Of course you shouldn't tempt fate by driving through bad neighborhoods, but if your key-less entry system has a known weakness, you shouldn't use your superior discretion in route choice as an excuse to ignore the manufacturer's recall notice. Criminals have been known to work in "nice" neighborhoods too.

The main security weaknesses of (unpatched) IE8 and earlier on XP come from its use of older algorithms that now have known weaknesses. If you wish to use IE8 on XP, I strongly recommend installing POSReady '09 updates, then disabling the older, weaker encryption and hash algorithms: You should also disable SSL 2.0 and SSL 3.0 in Internet Options / Advanced / Security. Enable only TLS 1.0. To use the newer, more secure TLS 1.1 or 1.2 protocols with IE 8, you'll need to install a TLS proxy like ProxHTTPSProxy.

Make sure IE isn't set to use the Proxomitron (localhost / 8080) for http connections. It has to get through on http in order to receive the redirect to https. Also, try Heinoganda's ProxHTTPSProxy version (with the updated Python cryptography package); otherwise you'll probably get a 417 error when Google.pl redirects you to https (unless you have google.pl in your SSL Pass-Thru section).

Well, I tried to deinstall the previous version, but naturally, that didn't work either. I got some error message about the installer patch package being invalid! I've had that sort of thing happen before, so I resorted to the "Windows Install Clean Up" tool and did a rogue deinstall. Then installing the current version worked! I hate "installer hell," but at least it seems to be correctly installed now.

That version of Silverlight fails to install on mine: