heinoganda

This problem was known Therefore KB4018556 was published in a revised version again (KB4018556-v2).

There is also a belated security update from MS. WindowsXP-KB4025409-x86-XXX.exe 07/13/2017 Infos: https://support.microsoft.com/en-us/help/4025409/security-update-for-the-windows-elevation-of-privilege-vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8563 https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry Applies primarily to clients that are logged on to a domain.

Update with 2 more root certificates: CN = Application CA G4 Root O = LGPKI C = JP CN = PosDigicert Class 2 Root CA G2 O = Digicert Sdn. Bhd. C = MY Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

Small info: Have my Google Chrome PPAPI Flashplayer Updater uploaded again because the download had expired.

Since July 2013 the updates for all XP variants are only published in the QFE branch. KB4032782 solves the problems with printing under IE8. Anyone who does not print via Internet Explorer anyway can rest assured to wait for the next cumulative update for IE8 in July 2017 where this update is introduced. (There may be users who want to print from Internet Explorer shortly content of websites.) I can confirm, but the link to Microsoft Update still does not work on the Windows Update page.

When downloading the definition updater, there are the files "Readme first.txt" and "Info.txt", where the call parameters are described in the latter. MSE_DEF_UPD.exe /aig (To execute via the task manager) (as User "NT AUTHORITY\SYSTEM") Create a Corresponding Task in the Task Manager, and the definition updater is run at regular intervals.

There was also an update for IE8 KB4032782 Info: https://support.microsoft.com/en-us/help/4032782/a-blank-page-or-404-error-prints-when-you-try-to-print-a-frame-in-ie Regarding Petya's nemesis since the user should not open each attachment at an e-mail, especially with unknown origin! It should with older Office versions not be opened attachments with rtf documents! With Wordpad under Windows XP, this gap was closed by KB4014793 in April 2017! More Infos: https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

On the one hand, there were updates for the .NET Framework 3.5 and 4 packages which were not offered via AU / WU / MU, on the other hand, several updates were not required by a newer one where MS has not documented! Just open the patch files (ending msp) with 7zip and see if a newer patch the corresponding files are present.

Opera 12.18 is not a Chromium based browser, so no PPAPI Flashplayer works!

It does not surprise me, especially since the updates are available. Well, the users installing the POSReady Updates have already received these updates partially at an earlier date. MS does not want to stand as a guilty after the WannaCry attack, as it is to be expected that even more NSA tools are used.

Unfortunately the search is still missing KB4012583 and KB3197835 for Windows XP sp3! In addition, "Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017" has been informed about these updates!

For Updates simply the download links via the WSUS Catalog (for example, to KB3118304), since each user can choose the language that the required. For the Windows XP updates, disable automatic updates, first install the Cumulative Update for Internet Explorer 8 every second Tuesday of the month and then start a manual search in Windows Update (Disable Microsoft Update) in IE. http://update.microsoft.com/windowsupdate Unfortunately, I can not offer a better solution, so many scenarios have already played many times, with no better way to avoid the high CPU utilization at svchost.

Disable Automatic Updates and restart the computer, which allows the processor load to go to a normal level. Is a newer Office version installed?

@bluebolt Try the links from this comment. Here is always the latest version of the Flashplayer's available.

Correctly. @glnz Regarding the security updates that MS officially offers for Windows XP sp3 for download are not needed when POSReady updates are installed! For those who do not install POSReady updates: Have a comment added with the available updates for Windows XP sp3.

Available updates for Windows XP sp3 (not required if POSReady updates are installed!): KB4012598 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 sp3 KB4012583 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012583 sp3 KB4022747 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4022747 sp3 KB4018271 IE http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018271 sp3 KB4018466 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018466 sp3 KB3197835 http://www.catalog.update.microsoft.com/Search.aspx?q=KB3197835 sp3 KB4024323 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4024323 sp3 KB4024402 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4024402 sp3 KB4025218 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4025218 sp3 KB4019204 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019204 sp3 If the following updates do not exist, install them. KB2705219 http://www.catalog.update.microsoft.com/Search.aspx?q=KB2705219 xp KB2347290 http://www.catalog.update.microsoft.com/Search.aspx?q=KB2347290 xp

It is the official version 49, but with updated components (Translater, PPAPI Flashplayer ect.) without interfering with the support ending with Windows XP. For a flawless function on websites with modern encryption I use additionally a local HTTPS proxy.

Regarding EsteemAudit, MS has released a security update (KB4022747, gpkcsp.dll) for the corresponding SmartCard component! Info: https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003 (The download links on this website do not work) Related Downloads: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4022747

It is correct that only the latest version can be downloaded, but I have archived offlineinstaller of older Google Chrome versions. With below for the last working version under Windows XP (49) I created my own installer, where at least various components are up-to-date.

This assertion I can contradict! Downloadlink for x86 / x64, as well as for business x86 / x64. What some users have not yet known is Google Chrome and Firefox WebRTC have implemented where it is possible to an IP backtrace despite VPN or proxy. Both Web browsers use the same stun server (stun.l.google.com). Nevertheless, I would be very pleased if Google Chrome after the versions 49 could work again.

Frankly, I do not panic, especially since I have a firewall installed on the computers where generally only of the RDP ports for the local network pass. As I wrote in a previous comment, the restriction of the authorization for RDP by KB982316 and on the other hand by the deactivation of the possibility of a registration by SmartCard are sufficient to stop EsteemAudit. The actual vulnerability with SmartCard is not solved because a patch is needed by MS. (Apparently, the NSA needs this backdoor for other dirty tricks.) A test with the Esteemaudit metasploit showed me that the countermeasures work. In short, there will never be a 100% secure Windows!

Do not believe any statistic they have self not falsified. The graphical presentation speaks for itself! Apparently, a lot of money has been paid to marketshare, so that the statistics should convince the last XP users to move to Windows 10 (Soon including patented censorship technology). Recent discoverie, the earth is now flat!

On the one hand, access rights to RDP are restricted with KB982316 and on the other hand, EsteemAudit can no longer rely on the vulnerability in the gpkrsrc.dll file (resources for Gemplus cryptographic service providers) through the entry in the registry (GroupPolice). In the end, the vulnerability in the file gpkrsrc.dll (SmartCard) remains. Maybe the pressure is increased by the corporations where Windows XP (including variants like POSReady 2009) and Server 2003 is still in use, that comes someday a patch. Incidentally, the test only works on Linux with wine.

The entry does not exist, but if this key is entered this, the smart card authentication is disabled in RDP and thus the authentication at EsteemAudit stopped. Specifically, it is about a vulnerability in the file gpkrsrc.dll (resources for Gemplus cryptographic service providers). This makes EsteemAudit ineffective. Even I use RDP to access some computers in the internal network. KB4018556 (KB4018556-v2) works perfectly for me, no problems.

Reading about EsteemAudit: https://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/ Possible Countermeasure: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "fEnableSmartCard"=dword:00000000 To test: https://github.com/BlackMathIT/Esteemaudit-Metasploit