Explorer09

Does Windows Update checks about this registry entry? HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2638806","Installed",0x10001,1 I can guess the reason. KB960803 and KB2638806 patch no files in the Windows directory. What the installer was doing is copying the Winhttp.dll into a cache folder (%windir%\WinSxS). Since Windows Update cannot tell the exact path where the file is copied, it will check the "Installed" registry entry. The same problem should happen with KB2659262, am I right?

There is one update replacement that Kurt_Aust did not find. KB960803 (MS09-013) WinHTTP - Replaced by KB2638806 (MS12-006).

Added.

I hope this can save Mimo's time. May 2012 Patch Tuesday Windows XP - new updates: http://www.microsoft.com/en-us/download/details.aspx?id=29783 MS12-034 KB2660649 Windows Journal (Tablet PC Edition only) http://www.microsoft.com/en-us/download/details.aspx?id=29741 MS12-034 KB2659262 GDIPlus http://www.microsoft.com/en-us/download/details.aspx?id=29781 MS12-034 KB2676562 Kernel http://www.microsoft.com/en-us/download/details.aspx?id=29804 MS12-034 KB2686509 http://www.microsoft.com/en-us/download/details.aspx?id=29712 Advisory KB2695962 ActiveX Killbits Malicious Software Removal Tool 4.8.6201.0 Office 2003 - new updates: http://www.microsoft.com/en-us/download/details.aspx?id=29752 MS12-034 KB2598253 GDIPlus http://www.microsoft.com/en-us/download/details.aspx?id=29717 MS12-030 KB2597086 Excel http://www.microsoft.com/en-us/download/details.aspx?id=29740 MS12-029 KB2598332 Word http://www.microsoft.com/en-us/download/details.aspx?id=29725 KB2598343 Outlook junk email filter Obsolete updates: KB2412687 in MS11-029 replaced by KB2659262 (MS12-034) KB2641653 in MS12-018 replaced by KB2676562 (MS12-034) KB2633171 in MS11-098 replaced by KB2676562 (MS12-034) KB2647518 (ActiveX Killbits) replaced by KB2695962 KB972580 in MS09-062 replaced by KB2598253 (MS12-034) KB2344911 in MS10-079 replaced by KB2598332 (MS12-029) KB2596954 in MS11-096 replaced by KB2597086 (MS12-030) KB2464603 (Word) replaced by KB2598332 (MS12-029) KB2598292 (Outlook junk email filter) replaced by KB2598343 Notes: 1. KB2686509 update should go to HFSVCPACK_SW1 folder while the other updates go to HF. 2. Microsoft made a mistake in the MS12-034 bulletin. KB2598253 replaces KB972580 instead of KB2289187. 3. KB2676562 also has the registry entry "SessionImageSize" as KB2641653 does.

In case someone is reading this old thread... April 2012 Patch Tuesday New updates: KB2656369 (MS12-025, Download) | ndp2.0sp2 | May 2012 Patch Tuesday New updates: KB2604092 (MS12-035, Download) | ndp2.0sp2 | KB2604110 (MS12-035, Download) | ndp3.0sp2 | KB2656407 (MS12-034, Download) | ndp3.0sp2 | KB2604111 (MS12-035, Download) | ndp3.5sp1 | Obsolete: KB2518864 (MS11-044) is replaced by KB2604092 (MS12-035). KB2572073 (MS11-078) is replaced by KB2604092 (MS12-035). KB2633880 (MS12-016) is replaced by KB2604092 (MS12-035).

This post is for advanced users. nLite contains the boot sector file that mobiletech was talking about. It's named "boot.bin" and located in your nLite installation directory. Note, however, the boot sector that is included in the official WinXP SP3 disc is different from the "boot.bin" above. I don't know the exact reason, but I suspect that Microsoft have re-assembled the code to improve compatibility with AMD64 architectures.

Does this bug happens on other file types? If so, then we have to be careful of these files, too. (Overlapping files that do not have .exe or .dll extension) afd.sys KB2509553 KB2592799 mswrd8.wpc KB973904 KB2485663 srv.sys KB2345886 KB2508429 tcpip6.sys KB978338 KB2509553 I hope someone can check these out.

I thought you were familiar with command prompts, but it's okay that you are not. What I was telling you to do is to extract several files that was in your disc. These files should be patched by nLite when you told it to slipstream the update. Before I explain step by step, you have to know these two things: 1. All files that has an underscore (_) as the end of their file extension are actually cabinet (.CAB) files. 2. You can read and extract their contents using any file archiving software, such as 7-zip. Then, if you have your disc ready, you can check whether you have slipstreamed KB2675157 by checking the files and the registry. Files 1. Explore the I386 folder in your disc. 2. Find these files, and extract everyone to a temporary folder (or onto your desktop). browseui.dl_ html.ie_ ieencode.dl_ iepeers.dl_ mshtml.dl_ mshtmled.dl_ mstime.dl_ shdocvw.dl_ tdc.oc_ url.dl_ urlmon.dl_ wininet.dl_ 3. For every file you extracted, right-click it and choose "Properties". Then click the "Version" tab. You shall see the file version that matches this: tdc.ocx - 1.3.0.3131 html.iec and ieencode.dll - 2011.1.31.10 All other files - 6.0.2900.6197 If not, then your update has not been integrated correctly. Registry KB2675157 or other IE security updates also add some registry entries on your computer. That's why I told you to upload the NLITE.IN_ file. nLite stores the registry changes there. But I don't think I need to explain this since your problem isn't there.

I think there are some people in this forum who wonder how nLite slipstream updates. (such as these people) Personally I don't use nLite much. I prefer slipstreaming the updates myself rather than using such tool (just because I cannot trust the latter). However I did some experiments with nLite and I can share what I found here. My OS is Windows XP Professional SP3 (x86). I only tried the "Hotfixes, Add-ons and Update Packs" feature, which I'm interested in the most. Then I use Process Monitor and file difference tools to track nLite's actions. Here is the result - how nLite slipstream (regular) Windows XP updates. (Please note that there might be errors in the info below.) 1. Extracting the update contents nLite extracts all update packages by running this command with each package: "windowsxp-kbXXXXXX-x86-enu.exe" -q /X:"%CDPath%\hottemp" (Assume %CDPath% is the path to your Windows installation CD files, and your Windows XP is English version.) Then, nLite will check whether it is possible to use steps 2 to 4 below to integrate the update. In a few cases, nLite will say it cannot and asks user if he wants to use the regular integration methods. The "regular integration methods" provided by nLite is actually running this command: "windowsxp-kbXXXXXX-x86-enu.exe" -q /integrate:"%CDPath%" 2. Extracting the cabinets For some updates, it is necessary to extract the cabinets. nLite first tests them using 7-zip: 7z.exe t I386\%cab_file_to_extract%.cab Then they are extracted internally. nLite seems to invoke functions in the library called cabinet.dll. Extracted contents of DRIVER.CAB is stored in "%CDPath%\drivertmp". Extracted contents of SP3.CAB is stored in "%CDPath%\sp3tmp". 3. Replacing patched files nLite picks the files of the SP3QFE branch only. GDR branches are generally ignored. For each patched files, nLite looks up the files of the same name in I386 folder or the temp folders in previous step, extract it and compare the versions. nLite gives a warning when the version of CD files is newer than the patch, and asks user whether to replace the files. 4. Creating the registry patch file - nLite.inf The registry changes in each update can be found in the [Product.Add.Reg] section of the "update_SP3QFE.inf" file. nLite reads this and stores the registry entries in nLite.inf. (Unfortunately this causes a bug, see this thread.) nLite.inf is meant to be installed at the same time when Windows installs optional components. nLite.inf and nHelper.exe are compressed and copied to the CD. (NLITE.IN_ and NHELPER.EX_) 5. Updating INF files These files are changed by nLite (in chronological order): HIVECLS.INF (Only optimizes the file. No entries are added or removed.) HIVEUSD.INF (Only optimizes the file. No entries are added or removed.) SVCPACK.INF (Adds the catalog files to be installed.) NLITE.INF SYSOC.INF (Adds this entry, then optimizes.) [Components] nLite = ocgen.dll,OcEntry,nLite.inf,HIDE,7 6. Compressing cabinets DRIVER.CAB and SP3.CAB are re-compressed by nLite. (This takes a REALLY long time on my computer.) 7. Updating INF files again FONT.INF (Only optimizes the file. No entries are added or removed.) HIVESYS.INF (Only optimizes the file. No entries are added or removed.) INTL.INF (Only optimizes the file. No entries are added or removed.) WBEMOC.INF (Two entries are commented out by nLite, I don't know the reason.) [WBEM.CopyMOFs] ;napclientprov.mof ;napclientschema.mof TXTSETUP.SIF - nLite did three things here. First, in [FileFlags] section, some additional file flags are added. Second nLite adds these two entries in the [sourceDisksFiles] section: [SourceDisksFiles] nhelper.exe = 1,,,,,,,2,0,0 nlite.inf = 1,,,,,,,20,0,0 Third, the TXTSETUP.SIF file is opimized. DOSNET.INF (Adds these entries, then optimizes.) [Files] d1,nhelper.exe d1,nlite.inf [OptionalSrcDirs] svcpack HIVEDEF.INF (Only optimizes the file. No entries are added or removed.) HIVESFT.INF (Adds this entry, then optimizes.) [AddReg] HKLM,"SOFTWARE\Microsoft\Driver Signing","Policy",0x00000001,0 SVCPACK\HFINT.DAT (Only updates that are done using "regular integration methods" will have entries here.) 8. nLite deletes the file "nl_proc.log" in I386 folder. "nl_proc.log" is a temporary file that is used to indicate an unfinished nLite session. ----

Sorry for late reply. But your problem doesn't seem to be in the registry, so I think you need to check the files. If you still have the slipstreamed disc, try this in your command prompt: cd %YourDisc%\I386 mkdir %TEMP%\extract for %i in ( browseui.dl_ html.ie_ ieencode.dl_ iepeers.dl_ mshtml.dl_ mshtmled.dl_ mstime.dl_ shdocvw.dl_ tdc.oc_ url.dl_ urlmon.dl_ wininet.dl_ ) do expand -r %i %TEMP%\%extract explorer %TEMP%\extract Then, check if the file versions match the following: tdc.ocx - 1.3.0.3131 html.iec and ieencode.dll - 2011.1.31.10 All other files - 6.0.2900.6197 If one of these doesn't match, then your KB2675157 wasn't integrated correctly.

First, Killjoy, you have integrated KB2492386, so feel free to delete KB955759. Second, KB961118 is a high-priority update but it's offered only after you installed .NET Framework. I should have told -X- about this (but he didn't add it to the list). Third, I cannot know why you can't integrate KB2675157. Could you please attach the nLite.in_ file in your i386 folder of your disc, so that I could look at the problem?

KB971513 is an optional update. -X-'s page list only high-priority updates and that's why he never mentions the KB971513. Am I right? EDIT: One more thing. For a few updates, you should expect to get those "file is not present in ISO to be updated" dialogs. Because these updates do contain files not present in the disc (for some reasons). Here they are: KB2564958 (file: uiautomationcore.dll) KB2603381 (file: customaddreg.dll) KB2661637 (file: iacenc.dll) Time zone updates such as KB2633952 (file: tzchange.dll) EDIT: Still another thing. I checked Killjoy's list of updates he integrated and I see no problem except 971513 and 955759. I have mentioned 971513 already, but for 955759, I think it could be removed as well. Because, the high-priority 955759 update can be replaced by the optional 2492386 and Killjoy have decided to integrate 2492386.

Those dialogs are expected. nLite is simply complaining that either (1) the file in the patch is not present in the CD, or (2) the file in the CD is newer than the patch. EDIT: Wait a minute! Killjoy, you don't need the KB971513 as it was replaced by KB2564958. Remove KB971513 and you'll fix your problem.

How about using a newer version? I forgot to say that Windows 7's makecab (6.1.7600.16385) can run on Windows XP. I'm not sure about Win 2000, though.

Okay, you convinced me to test a little further. I downloaded another version of makecab.exe. This time it's 5.00.2134.1, and it works properly. Now I can say it's a regression of makecab (5.1.2600.5512). EDIT: I tested also makecab.exe version 6.1.7600.16385, which comes from Windows 7. It works properly too. Only the Windows XP version of makecab.exe has this bug.

HFSLIP uses makecab.exe for making cabinets. However, I found a problem with makecab that I advice HFSLIP authors not to use it. The problem (probably a bug) is this: makecab will store the file creation date as the modification date of the files inside the cabinet. People can try this: 1. Assume that you have the program to change the file date, such as NirSoft's File Date Changer. 2. Create a text file named "test.txt". 3. Use the File Date Changer to change the file created date to 1/1/2002, and the modified date 4/4/2004. 4. makecab /d compressiontype=LZX /d compressionmemory=21 test.txt test.tx_ 5. Open the cabinet with an archive viewer (such as 7-Zip), and check the modified date of test.txt. I tested this with makecab.exe 5.1.2600.5512(WindowsXP), and the date is 1/1/2002 instead of 4/4/2004. [update: Only this version has this problem, other version of makecab.exe works fine.] This problem become serious to me when I make cabinets across different folders. I often copy the files between folders and copying the files changes the file creation date of the new file. Then, makecab both files, and the two cabinets will be different even though their contents are the same file. In contrast, cabarc.exe (another cabinet utility), did this right. In the step 4, trying this instead of makecab will give you the correct file modified date. cabarc /m LZX:21 N test.tx_ test.txt HFSLIP could use another version of makecab or cabarc here to eliminate the problem.

Speaking of this update. -X-, you have made an error in your Obsolete Update list. It's 2641653 that replaces 2660465, not the other way around. (Update: there's no error there.)

First, it was Microsoft Update that offered me this update, even though I don't have Visio. Second, I did observe that my Omfc.dll gets patched after the update. About Omfcu.dll ...... I don't know, but I Google'd it and it seems that the file is from Visio, not from standard Office.

The file-checker for Office 2003 needs to be updated. These 2 updates are released on the Patch Tuesday this month: KB2597112 (MS12-027 - Windows Common Controls vulnerability) KB2598292 (Outlook Junk Email Filter), replacing KB2598246 (UPDATE: KB2598343, released on May 2012, replaces KB2598292) In addition, Mim0, would you please also add these notes to your list? The optional KB2449798 replaces the security update KB980373. The optional KB2464603 is required before installing Office File Validation add-in, and KB2464603 replaces security update KB2344911. (see this page) (UPDATE: KB2464603 is replaced by KB2598332 (MS12-029)) EDIT: Here's another update that you might need to add to your list: KB2493523 (MS11-055 - Microsoft Visio) This is an older security update. Although it talks about the Microsoft Visio vulnerability, it patches OMFC.DLL and it's offered to people who do not have Visio. (see FAQ #2 of this page) Explorer

No it didn't. But I often slipstream updates on my own (without nLite), and I discover this during the process. (Windows Update have its own problem - there are a few updates that WU cannot detect whether you've installed them correctly. This is one of the cases.)

-X- and tomasz86, thank you both for help. I was too busy yesterday to post the details. Yes, I was referring to the [win32k.Add.Reg.Session] section. If I read the inf correctly, it adds the entry when the value is not present, or the value is less than 0x10. My freshly-installed Windows doesn't have this value, so it should be added.

(I'm not sure if this is a place to file bugs. Please let me know if it is not.) The KB2641653 update for Windows XP x86 checks this registry value and adds it when it's not present. HKLM, "SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management", "SessionImageSize", 0x10001, 0x10 However, this entry is not brought to the installation CD when I use nLite to slipstream the update. This means the value will be missing in your new installed, nLited Windows. I have a workaround for this: 1. After slipstreaming with nLite, extract the NLITE.IN_ in your i386 folder (of your installation files). 2. Open the extracted NLITE.INF, and add this line to somewhere in the [T] section HKLM, "SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management", "SessionImageSize", 0x10001, 0x10 3. Save the file. 4. Compress the file with NLITE.INF cabarc or makecab, replacing the original NLITE.IN_ . cabarc -m LZX:21 N "I386\NLITE.IN_" "NLITE.INF" Update (May 2012): The new KB2676562 update replaces KB2641653, but the registry entry "SessionImageSize" is also present in KB2676562. This means the same bug will happen in slipstreaming KB2676562.

And hj_fr is right about KB953595. Yes, it is unnecessary because it's an optional hotfix. I'll correct the list. EDIT: I was wrong again. It's not just an optional hotfix. The reason KB953595 is unnecessary is because it is included in the installer of .NET 3.5 SP1.

Microsoft tend to not mention the update replacement if the 2 updates are in different category. For example, KB2572073 is a security update while KB976569 is not, but if you compare the file versions you'll see that one update supersedes the other. Files KB976569 version | KB2572073 version mscordacwks.dll: 2.0.50727.3607 (GDR) | 2.0.50727.3625 (GDR) mscordacwks.dll: 2.0.50727.4413 (LDR) | 2.0.50727.5681 (LDR) mscorlib.dll: 2.0.50727.3607 (GDR) | 2.0.50727.3625 (GDR) mscorlib.dll: 2.0.50727.4413 (LDR) | 2.0.50727.5681 (LDR) SOS.dll | 2.0.50727.3625 (GDR) SOS.dll: 2.0.50727.4413 (LDR) | 2.0.50727.5681 (LDR) mscorwks.dll: 2.0.50727.3607 (GDR) | 2.0.50727.3625 (GDR) mscorwks.dll: 2.0.50727.4413 (LDR) | 2.0.50727.5681 (LDR) For the KB982524 update, you should manually extract the contents in the EXE file, then notice the file NDP30SP2-KB977354.msp exists.

Here are more updates that are missing from your list. And one more thing, the KB2626416 update is not required in standard Windows XP, so you may remove it. (It's for Active Directory which has to be installed separately.) Security Updates: KB923561 MS09-010 Update for Windows WordPad Converter http://download.microsoft.com/download/E/9/5/E9529AB5-7DC4-468F-885D-211B77661DF8/WindowsServer2003.WindowsXP-KB923561-x64-ENU.exe KB924667 MS07-012 Vulnerability in Microsoft Foundation Classes could allow for remote code execution KB924667 is replaced by KB2387149 (MS10-074) + KB2506212 (MS11-024) KB946026 MS08-007 Vulnerability in WebDAV Mini-Redirector could allow remote code execution http://download.microsoft.com/download/2/0/a/20a92aa6-7c94-45da-94d0-5a5f19272b77/WindowsServer2003.WindowsXP-KB946026-x64-ENU.exe KB950762 MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) could allow denial of service (Rmcast.sys) http://download.microsoft.com/download/e/6/2/e622e1f6-4159-442b-8f96-5bcaf2e9a87f/WindowsServer2003.WindowsXP-KB950762-x64-ENU.exe KB950974 MS08-049 Vulnerability in Event System could allow remote code execution (Es.dll) http://download.microsoft.com/download/4/e/3/4e375028-e8b5-474f-80b1-17222f3d03ff/WindowsServer2003.WindowsXP-KB950974-x64-ENU.exe KB952004 MS09-012 Security update for MSDTC Transaction Facility http://download.microsoft.com/download/4/2/9/42995D5F-A89B-4E22-969A-6508B771BE6E/WindowsServer2003.WindowsXP-KB952004-x64-ENU.exe KB956802 MS08-071 Vulnerabilities in GDI could allow remote code execution (Gdi32.dll) http://download.microsoft.com/download/8/6/C/86C1FF51-5572-49D9-AC67-68BB983C420E/WindowsServer2003.WindowsXP-KB956802-x64-ENU.exe KB958644 MS08-067 Vulnerability in Server service could allow remote code execution (Netapi32.dll) http://download.microsoft.com/download/5/8/1/5811b6cc-5884-4486-b05d-de69f0e94f67/WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe KB959426 MS09-015 Blended threat vulnerability in SearchPath could allow elevation of privilege http://download.microsoft.com/download/D/4/0/D40FD065-1222-49D7-9B04-78A291727FD7/WindowsServer2003.WindowsXP-KB959426-x64-ENU.exe KB960803 MS09-013 Vulnerabilities in Windows HTTP services could allow remote code execution KB960803 is replaced by KB2638806 (MS12-006) KB961501 MS09-022 Vulnerabilities in the Windows Print Spooler could allow remote code execution (Localspl.dll) http://download.microsoft.com/download/A/6/2/A621EA77-2D06-459C-9C56-6CBAC0674F06/WindowsServer2003.WindowsXP-KB961501-x64-ENU.exe KB2124261 MS10-065 Security update for Internet Information Services ASP (asp.dll) http://download.microsoft.com/download/3/F/F/3FF67D69-A090-4310-B56F-7BCCAB7D6EAA/WindowsServer2003.WindowsXP-KB2124261-x64-ENU.exe KB2347290 MS10-061 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (Spoolsv.exe) http://download.microsoft.com/download/C/2/D/C2DA99E2-5B44-478A-AEAE-5385A168EE23/WindowsServer2003.WindowsXP-KB2347290-x64-ENU.exe KB2479943 MS11-015 Vulnerabilities in Windows Media Could Allow Remote Code Execution (sbe.dll) http://download.microsoft.com/download/E/B/2/EB2DFA3B-9298-4785-A2C4-C2531CF26D0C/WindowsServer2003.WindowsXP-KB2479943-x64-ENU.exe Important (non-security) updates: KB927891: You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update http://download.microsoft.com/download/0/d/8/0d81edae-b04c-4953-bf43-fe9e1a1c8a72/WindowsServer2003.WindowsXP-KB927891-v5-x64-ENU.exe KB936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors http://download.microsoft.com/download/6/2/e/62ea90be-4add-4608-8bc1-7e8ccbf5ab90/WindowsServer2003.WindowsXP-KB936357-x64-ENU.exe KB968389: Extended Protection for Authentication http://download.microsoft.com/download/5/D/4/5D4F16C0-F329-493E-8280-DC75BC3F8491/WindowsServer2003.WindowsXP-KB968389-x64-ENU.exe Notes: 1. The optional update KB971737 replaces KB960803. 2. If you have the optional update KB2492386 installed, then KB923561 can be replaced by KB2492386+KB979687+KB2485663.