abbodi1406

Scroll towards the end of the archived ryanvm link he posted above, and you will find link for BuildEnviroment.7z

How would have skipped Spectre/Meltdown patches when all Security Only Updates include ntoskrnl.exe?

UpdRoots process the files based on the parameters not filename, e.g. if you run updroots.exe delroots.sst it will add the certificates not delete them Usage: UpdRoots [options] <SrcStoreFilename> Options are: -h - This message -d - Delete (default is to add) -l - Local Machine (default is Third Party) -u - Add to disallowed root store based on some checking, updroots.sst contain certificates that can be downloaded separately from WU (manually or using CertUtil –generateSSTFromWU), e.g. http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt authroots.sst certificates are not downloadable separately from WU

KB930916 does not exist for XP x64 there are many updates that replace KB930627 and take place, e.g. KB2876331 or KB3069392 you can find all windowsupdate (public and custom support) links for Windows XP x64 Edition here https://msfn.org/board/index.php?showtopic=182599

Usually for Vista and Win7, it's enough to change wuauserv ServiceDll registry to point to modified file (e.g. wuaueng2.dll)

This page now provide the SHA-2 signed dotnetfx35.exe (it's signed since July 2021, but the server timestamp for the file is February 2022) https://dotnet.microsoft.com/en-us/download/dotnet-framework/net35-sp1 they also signed the inner installers (exe, msi, msp..), but the content is still the same old dotnetfx35.exe

Adding g_sconsumersite manually to fe2.update url (to open MU site) prevent the redirection loop with www.update url http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en&g_sconsumersite=1 the site opens in Win 7 / 8.1 too (not that it would work)

What files are missing from the full .Net 3.5 offline installer? you can build .NET 3.0 SP2 installer manually from dotnetfx35.exe https://docs.microsoft.com/en-us/archive/blogs/astebner/creating-an-administrative-install-point-for-the-net-framework-2-0-sp1 https://docs.microsoft.com/en-us/archive/blogs/astebner/creating-an-administrative-install-point-for-the-net-framework-3-0-sp1 those guide are for SP1, but works the same for SP2 similar guide https://docs.bmc.com/docs/ServerAutomation/89/deploying-net-653397308.html FYI, standalone installer for .NET 3.0 SP2 actually exist, but it's not directly acquirable you can find it within the VS 2008 bootstrapper packages https://docs.microsoft.com/en-us/archive/blogs/astebner/vs-bootstrapper-packages-for-net-framework-2-0-sp2-and-3-0-sp2-available-for-download click on Download location to get packages_setup.exe then extract adtbs_sp2oob.cab/adtbs_sp2oob.msi then use lessmsi to extract adtbs_sp2oob.msi or install the whole package and find the installers under C:\Program Files\BootstrapperPackages

https://msfn.org/board/topic/182599-nt-5x-windows-update-urls-dump-inc-custom-support-updates/

@Boss Did you verify the new certificate is properly trusted? i.e. check authroot.stl signature and you may need to redo steps in https://support.microsoft.com/en-us/topic/3acf0348-0f81-7c79-7029-a7c6c861cdfc

@Boss based on picture 6, parent "Microsoft Root Certificate Authority 2010" is not properly trusted in your os http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt CertUtil -addstore Root MicRooCerAut_2010-06-23.crt

@mockingbird Are you sure the msp files from the corresponding loc updates did not replace KB4504738/KB4504702/KB4493218 files in Updates folder? i mean these updates, you should only extract the language msp file from them: msoloc2010-kb2956076-fullfile-x86-glb.exe powerpointloc2010-kb4092435-fullfile-x86-glb.exe wordloc2010-kb4461625-fullfile-x86-glb.exe KB4011610 is provided as text file that contain the download links you should choose and download the right file per Office language (e.g. eqnedt322010-kb4011610-fullfile-x86-en-us.exe) KB3001652 is VC runtime (similar to VC++ redists), it's not actual update for Office 2010 itself

https://aka.ms/framework-sha1-retirement

Hence the description "Custom Support Updates", AKA internally for paid companies it had been known for years that XP SP3 got those custom unpublished updates, but now we know that W2k and W2k3 got them too custom updates for W2k started in 2014-06, at the same time when the custom support program started for XP SP3 the links are public, the updates are not blocked for installation, what would be suspicious?

Might be another bummer for XP Microsoft to use SHA-2 exclusively starting May 9, 2021 KB5003341: Issues you might encounter when SHA-1 Trusted Root Certificate Authority expires