Explorer09

And one update for Office Word 2003. (MS12-029 KB2598332 will soon be replaced)

I'll make a simple table of what should have done: | I have KB2618451 | Don't have KB2618451 I have KB2736233 | Outcome A | Outcome B Don't have KB2736233 | Outcome C | Outcome D Outcome A: Report that KB2618451 is unneeded. Outcome B: Do nothing. Let it pass. Outcome C: Notify the user about the KB2736233 if he turns on the Advisory option. Outcome D: Tell the user that he needs either KB2736233 or KB2618451.

An out-of-band security update has been released today (21 Sep 2012): 2744842 | MS12-063 | IE security | download (IE6):34747 download (IE8):34749 | replaces (MS12-052) KB2722913

Microsoft does release some security updates that are not in Patch Tuesday. But only if the update is urgent as you said. 2744842 | MS12-063 | IE security | download (IE6):34735 download (IE8):34731 | replaces (MS12-052) KB2722913

Try downloading it here: http://unattended.msfn.org/unattended.xp/view/web/15/

The filenames in my patch and in the original code are extracted files, so there's no error. rvkroots.exe and rootsupd.exe (along with other EXEs) are extracted into "WORK\I386E" by the script, so inside "WORK\I386E" you won't find any names that look like rvkroots.exe or rootsupd.exe. Except these: updroots.exe (Main executable inside rvkroots.exe and rootsupd.exe. Should be the same file.) authroots.sst (from rootsupd.exe) delroots.sst (from rootsupd.exe) roots.sst (from rootsupd.exe) disallowedcert.sst (from rvkroots.exe) updroots.sst (from rootsupd.exe) rvkroots.inf (INF files are handled in another part of the script.) rootsupd.inf (INF files are handled in another part of the script.) advpack.dll and w95inf16.dll and w95inf32.dll (These are used to parsing INF files and are useless to HFSLIP.)

I see. Perhaps MS want to give companies some transition period to upgrade their certificates. Just a guessing.

I've prepared a list of the updates releases this month (August 2012). I think it will be useful. August 2012 Patch Tuesday KB number | MS bulletin | description | download links | updates replaced | other notes Windows XP x64 2722913 | MS12-052 | IE security | 30591 30528 | replaces (ms12-037) 2699988 2705219 | MS12-054 | browser.dll & netapi32.dll | 30543 | replaces (ms08-067) 958644 2712808 | MS12-054 | localspl.dll | 30606 | replaces (ms09-022) 961501 2731847 | MS12-055 | win32k.sys | 30605 | replaces (ms12-047) 2718523 2706045 | MS12-056 | jscript & vbscript 5.8 | 30510 | replaces (ms11-031) 2510531 and non-security 2632503 | x64 only 2661254 | advisory | crypt32.dll | 30494 | | see below 2732052 | | timezone update | 30548 | replaces 2633952 and 2698707 | Note: 2661254 + 2728973 (rvkroots.exe) replaces 2718704. 2661254 is not a high-priority update AFAIK. EDIT: I forgot the timezone update, now added.

Ok. I have finished downloading my Patch Tuesday updates. And here's the list. August 2012 Patch Tuesday KB number | MS bulletin | description | download links | updates replaced | other notes Windows XP x86 2722913 | MS12-052 | IE security | 30527 30532 | replaces (ms12-037) 2699988 | 2723135 | MS12-053 | rpdwd.sys | 30590 | replaces (ms12-036) 2685939 | xp x86 only 2705219 | MS12-054 | browser.dll & netapi32.dll | 30497 | replaces (ms08-067) 958644 | 2712808 | MS12-054 | localspl.dll | 30529 | replaces (ms09-022) 961501 | 2731847 | MS12-055 | win32k.sys | 30564 | replaces (ms12-047) 2718523 | 2661254 | advisory | crypt32.dll | 30503 | | see below 890830 | MSRT 4.11 | | 16 | replaces v4.10 | Note: 2661254 + 2728973 (rvkroots.exe) replaces 2718704. 2661254 is not a high-priority update AFAIK. office 2003 2687323 | MS12-060 | mscomctl | 30623 | replaces (ms12-027) 2597112 | 2687324 | MS12-043 | msxml5 | 30631 | replaces (ms08-069) 951535 | revised bulletin 2687403 | | outlfltr | 30632 | replaces 2598343 office 2007 2596615 | MS12-057 | mso | 30614 | replaces (ms11-073) 2584063 | 2596754 | MS12-057 | msconv97 | 30633 | replaces (ms10-105) 2288931 | 2687441 | MS12-060 | mscomctl | 30619 | replaces (ms12-027) 2598041 | 2596856 | MS12-043 | msxml5 | 30626 | none | revised bulletin 2687400 | | outlfltr | 30642 | (you know which) Note: 2596615 and 2596856 are also offered to people who installed the Compatibility Pack.

Double post. Because I've made a patch to support rvkroots.exe update in the HF folder. The patch is this: Replace line 2395-2406 of hfslip-1.7.10_beta_J_v9.cmd with the following code IF EXIST WORK\I386E\updroots.exe ( IF EXIST WORK\I386E\authroots.sst ( REN WORK\I386E\authroots.sst authroot.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF authroot.sst = 1,,,,,,,998,0,0,authroots.sst&ECHO>>SOURCESS\I386\DOSNET.INF d1,authroot.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe %%SYSTEMROOT%%\HFSLIP\authroots.sst ) IF EXIST WORK\I386E\delroots.sst ( ECHO>>SOURCESS\I386\TXTSETUP.SIF delroots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,delroots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe -d %%SYSTEMROOT%%\HFSLIP\delroots.sst ) IF EXIST WORK\I386E\roots.sst ( ECHO>>SOURCESS\I386\TXTSETUP.SIF roots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,roots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe -l %%SYSTEMROOT%%\HFSLIP\roots.sst ) IF EXIST WORK\I386E\disallowedcert.sst ( REN WORK\I386E\disallowedcert.sst rvkcert.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF rvkcert.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,rvkcert.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe -l -u %%SYSTEMROOT%%\HFSLIP\rvkcert.sst ) ECHO>>SOURCESS\I386\TXTSETUP.SIF updroots.exe = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,updroots.exe IF EXIST WORK\I386E\updroots.sst ( ECHO>>SOURCESS\I386\TXTSETUP.SIF updroots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,updroots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe %%SYSTEMROOT%%\HFSLIP\updroots.sst ) ) And the rvkroots.exe will work in the HF folder when running HFSLIP. Seriously, without this patch, HFSLIP will (unintentionally) fool the slipstreamed Windows, thinking that the update was installed successfully. hfslip-rvkroots-support.patch.txt

Speaking of rvkroots.exe. I found that the rootsupd.exe (root certificates update) is specially handled by the HFSLIP script. I guess this is why it worked when putting rootsupd.exe in HF folder. (Line 2395-2406) IF EXIST WORK\I386E\updroots.exe ( REN WORK\I386E\authroots.sst authroot.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF authroot.sst = 1,,,,,,,998,0,0,authroots.sst&ECHO>>SOURCESS\I386\DOSNET.INF d1,authroot.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF delroots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,delroots.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF roots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,roots.sst ECHO>>SOURCESS\I386\TXTSETUP.SIF updroots.exe = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,updroots.exe ECHO>>SOURCESS\I386\TXTSETUP.SIF updroots.sst = 1,,,,,,,998,0,0&ECHO>>SOURCESS\I386\DOSNET.INF d1,updroots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe %%SYSTEMROOT%%\HFSLIP\authroots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe %%SYSTEMROOT%%\HFSLIP\updroots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe -l %%SYSTEMROOT%%\HFSLIP\roots.sst ECHO>>WORK\HFSLIPCMDP1.TXT %%SYSTEMROOT%%\HFSLIP\updroots.exe -d %%SYSTEMROOT%%\HFSLIP\delroots.sst ) However the script does nothing to handle rvkroots.exe. EDIT: I found a bug in the code above. The script does not slipstream these registry entries that will be added after applying rootsupd.exe. EDIT2: It's not a bug. Sorry, my mistake.

I meant the Windows directory. %ProgramFiles% can have spaces ("Program Files") but I don't think that the Windows directory can. You are right, the Windows directory needs to follow the 8.3 filename convention. I tested just now. If it doesn't, an error message "The directory name is invalid. Directory names must contain 8 or less valid characters." will appear.

I didn't test this, but if %systemroot% contains spaces, I think this patch will fail.

2719985 replaces these two updates: 973687, 2079403. So if rulman integrated 973687 or 2079403 after 2719985, the update would be undone.

When I attached my .reg file, I mean it is possible to integrate those registry entries directly into nLite.inf, just like the old KB2718704 update did. Your UDC script only scheduled the program to run when the Windows setup starts to install hotfixes. I personally don't like your method.

I've converted that update into an .reg files that can be used in HFSLIP:

Double post. I've installed the update and extracted 28 new registry entries in the update. I think this could make slipstreaming much easier. See the attached .reg file. rvkroots.exe should modify other certificate entries as well, but I found that it was only the header that was changed, so it won't matter. Edit (14 July 2012): I upload a new version because I forgot this registry entry in the previous one: ; Windows Update checks this. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3C986D6-06B1-43BF-90DD-BE30756C00DE}] "Version"="1,0,2195,0" Mirrors: http://ge.tt/9Xyy0VK/v/0 , http://dl.dropbox.com/u/70170658/msfn/rvkroots-certs.reg rvkroots-certs.reg

Note that the KB2698365 update (MS12-045) does NOT replace the KB2419632 update, because KB2419632 contains an additional "odbc32.dll" file. And there is one Office 2003 update release this month: KB2598361 MS12-046 (replaces KB976382 in MS10-031)

What about the crypt32.dll file in the KB2718704 update? Does KB2728973 patch that file? EDIT: I figured it out. No, rvkroots.exe does not contain the file, so it does NOT replace KB2718704.

nLite can integrate KB2686509 without any problems, except KB2686509 can not be "directly integrated" by design. In fact the KB2686509 update installs nothing in your computer. It's a file checker that check if all your keyboard layout file are all in "%Windir%\System32". If not it will generate a "%windir%\FaultyKeyboard.log" and let the update fail. So what can people do when the update fails is either of these: 1. Ignore the update. 2. Delete the registry entries that refer to the files that are not in System32 folder. 3. Copy those keyboard layout files to System32. Hope this helps

It would be better if they use simpler language like "You also need the .NET 2.0 and .NET 3.5 updates above." avoiding the term "incremental" or "cumulative". By the way, .NET 3.5 does include .NET 3.0 and .NET 2.0, so you can call it cumulative. But .NET 4.0 is not, and I personally avoid using .NET 4.0 apps.

This page lists the known Windows XP CD labels: http://www.tacktech.com/display.cfm?ttid=342 According to the page "AX2PXFPP_EN" is the Retail version of Windows XP Professional x64, without SP2. "ARMPXOEM_EN" is the OEM version. @krick: It seems that your disc is slipstreamed by someone else. The original disc shouldn't have the \AMD64\SVCPACK directory.

Finally I get it. It was my mistake all the time. When I said I checked Windows Update, I did so only once. I didn't realize that KB2345886 and KB970430 two updates are offered at the second check. OK, both KB2345886 and KB970430 are high-priority updates, and require KB968389 (also high-priority) to be installed first.

-X- got one thing wrong here. KB2707511 alone cannot replace KB2676562. It's the combination of KB2707511+KB2709162 that replaces KB2676562. | KB2676562 | KB2707511 | KB2709162 Win32k.sys | 5.1.2600.6206 | no | 5.1.2600.6228 (reg entry) | yes | no | yes Ntkrnlmp.exe | 5.1.2600.6206 | 5.1.2600.6223 | no Ntkrnlpa.exe | 5.1.2600.6206 | 5.1.2600.6223 | no Ntkrpamp.exe | 5.1.2600.6206 | 5.1.2600.6223 | no Ntoskrnl.exe | 5.1.2600.6206 | 5.1.2600.6223 | no (The "reg entry" mean the SessionImageSize registry entry. "No" means the update does not contain the file/registry.)

I got the claim about what you said in Microsoft's article. Thanks. By the way, I found some more items on the list that need to be corrected. KB936357 (Intel CPU update) - This is a high-priority update. KB971029 (Autorun patch) - This is a high-priority update, too. KB2492386 - This is offered as optional updates in Windows Update. KB982316 - Not offered in my Windows Update. (I think this should be optional.) KB2345886 - Not offered in my Windows Update. (I think this should be optional.)