heinoganda

Simply put the updates NDP30SP2-KB3048073-v2-x86, NDP40-KB2979575-v2-x86, NDP40-KB3048074-x86 and NDP40-KB3072309-x86 are no longer needed, they are superfluous. About why the older updates are unnecessary, should simply look for the latest updates from Microsoft on the support side and the replaced Updates are listed under "Update replacement information". This is the same as I would for a new installation, install all updates for Internet Explorer 8 since it was released, although currently only two are needed for this (KB2598845 and KB3104002). This topic has also been discussed here in the thread. Here's a comparison of NDP40-KB3072309-x86 and NDP40-KB3099866-x86: @hmuellers Just a note, if it would be here all the users just do not care, this thread would be empty.

@hmuellers For .NET Framework replaced Updates: NDP30SP2-KB3048073-v2-x86 replaced by NDP30SP2-KB3072308-x86NDP40-KB2979575-v2-x86 replaced by NDP40-KB3097994-x86NDP40-KB3072309-x86 replaced by NDP40-KB3099866-x86

@SD73 In reference to my post http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/?p=1102863 you should check if "KB3072630" is installed, which is also "KB942288-v3" installed.

@5eraph Came out from the date of publication, of course, the creation date is endowed earlier. Then of course this is not an error, ultimately I think it does not matter. Was probably so little irritated. Info: Last Download the Files authroots.sst, delroots.sst and updroots.sst have the Date 2015/11/20. @pcalvert You can choose what you would you rather do. It is enough if you execute Cert_Updater.exe, just as if you execute RvkRoots.exe. One of them is sufficient.

@5eraph Thanks for the info, but at the date of publication, an error has crept in, who was on 2015/12/08, according to Security Advisories. @all Now To date, in each case an update for the .NET Framework 2.0 and .NET Framework 3.0 is missing.

@5eraph The root certificates (rootsupd.exe) were also republished!

@hmuellers "Cert_Updater.exe" must be carried out again, because the current files (*.sst) each are times downloaded currently from MS. It must be run again only "Cert_Updater.exe". Simply put, the tool "Cert_Updater.exe" can be used each time to update the certificates.

@5eraph Imagine that the tool for users interesting is where still use the Windows Update function. For November we are still missing an update for the .NET Framework 2.0 (KB3097993 expected), then we are also completely as far as the Windows XP updates. Noted time on the edge of RDP 7.0 for XP updates KB3023299 (tswbprxy.exe) and KB3075221 (mstscax.dll) were not disclosed. Since I myself updates tinkered with the help of the updates for Vista (identical files from RDP 7.0), where function properly. Is there maybe even official updates?

@5eraph Thanks for the info to update the root certificates. (November 2015) @all where the downloader and updater program (Cert Updater.exe) use. To update root certificates for November 2015, any possible "Cert_Updater.exe" are running again.

@dencorso That was good, a way you've forgotten to show that the user may tinker the two updates itself together after the guidance. Think of the normal user wants to keep the system functioning only up to date is likely to go well with the updater and does not rely on the updates in the future newly created are available. (Then there are even four alternatives)

@vinifera The small downloader and updater for certificates based on the turtorial have previously published. @all In this context I have just a conversation with Monroe (PM) based on the topic "Certificates manager Question" where it sometimes comes to SHA-2 certificates. Currently one needs KB3055973 to get more functionality. Because this update can be installed only on the English version of Windows XP, users can get this as a multilingual version by request (PM).

@jaclaz Finally you will be enlightened. With the theme of DirectX for XP projects, although I have read on the edge of something but is concerned that I did not care because I do not have games that require it. Think then every have at least something to laugh at my last posts. (Because you can never know for sure what malicious software is because maybe still included.) Thank you! @vinifera Hope you're not angry with me. Have been informed precisely about the "alky" project.

(off topic) @vinifera Take me not bad, based on the theme alcohol you're right. What does alcohol do with this topic? Excuse me just makes me laugh or have I understood something wrong. (The wording "alky" (An alcoholic or mean the Program Alcohol) is a bit problematic for the translator.)

(off topic) @vinifera You apparently successfully vaccinated MS. Remember vaccines can have side effects. Joking apart, I would be more concerned about a variety of updates that since making yourself and your computer in the style of Windows 10 glasses. Tagged "Customer Experience and diagnostic telemetry", which sounds very harmless but it is demonstrated in my eyes a fire hazard. (demonstrably be with under Screenshoots transferred to MS when installing programs) Moreover, this forum is to share experiences and knowledge, but not for selective misinformation what div. companies a lot of money to pay so that it brings the press under the User. This is my contribution to the legal API's topic!

@hmuellers Have it changed in "Do you want to update certificates?", think this is ok. (Thank you for the suggestion)

@hmuellers At times before the end of support, and at the present time these two updates were only to undo in the corresponding are removed certificates by hand in the Certificate Manager. (Thanks for the hint, I have created until now, and I'm going to change immediately, will not affect the function.)

@ Dave-H If you are a few posts back go there a lot to read, I use the latest version numbers were where officially in updates where to refer on WU and MU (especially were offered in May 2014. by WU and MU otherwise an older update, I'm a bit careful because nobody knows what that MS still in the future at WU and MU incorporates for queries, especially for Windows XP.) The Cert Updater incidentally is no version number, to the confusion not able to finish.

@ Dave-H Excuse my bad English, you need no new program as long as the download links work. If MS updated the certificates then this program will download the newer root certificates and revoked certificates (https://technet.microsoft.com/en-us/library/security/dn904173.aspx). It is enough to run it every 3 months, except at times when there is an Security Advisory announcement due to uncertain certificates. (Which I'll announce in this forum also).

@Dave-H Not quite: when you run the program the current root certificates and rekoved certificates are freshly downloaded and then updated thereafter. It can be executed at any time to update the certificates, but an Internet connection to MS is required, in order for it to be able to retrieve the latest certificates.

For all who are interested in an independent Update Root Certificates and revoked certificates, I want to offer a small downloader and updater (available now) without version confusion. Download Download 2 Archive Password: S4QH5TIefi7m9n1XLyTIZ3V5hSv4se1XB6jJZpH5TfB6vkJ8hfRxU7DWB2p Eliminates misspellings, change from "Continue updating?" to "Do you want to update certificates?" thanks @hmuellers update 10/05/2018 Version 1.6 Corrected several bugs, optimized the program, improved some features, an additional function implemented and download URL's updated. update 09/29/2018 Version 1.5 Corrected several bugs, optimized the program and improved some features. update 09/25/2018 Version 1.4 Various features implemented so that no obsolete sst files are installed. It is now possible to use additional download sources for existing download sources (up to 5), one another download source has already been added. Further information can be found in the file "Info Version 1.4.txt". update 06/29/2018 Version 1.3 Added feature, more information in "Info Version 1.3.txt" in the download. update 02/16/2016 Version 1.2 Due Country-specific formats of date display, partly the creation date of sst files was not correctly displayed. update 12/18/2015 Version 1.1 The creation date of the downloaded sst files appears.

@Dave-H Be worried, yes, but do not panic. Have you viewed the link at (Security Advisories), as some will be explained with regard also to obtain the update. Since the 4 currently revoked certificates are listed by the way. That you have more certificates may be because that your Windows already a very long time is in use where just already often a non-existent root certificate from Microsoft (crypt32) or you have certificates imported. On my host PC I have collected 456 certificates .

@hmuellers Quite simple really, look here https://technet.microsoft.com/en-us/library/security/3097966.aspx there are listed the current revoked certificates. Then look in your Certificate Manager on revoked certificates if present, would currently 68 certificates to be listed as disabled. By POSReady 2009 trick I have when I check by IExplorer the updates no corresponding update available to this day. (The same with automatic updates) Have times after the update (KB2677070) sought where the function of automatic update of revoked certificates implemented, there was no update for Windows XP incl. Div. Derivatives such as POSReady 2009 provided. Just because you entry in a registry making means that this is still far from this feature available. (The only thing that has Windows XP, which is at an unknown root certificate that is downloaded when needed at Microsoft. This has absolutely nothing to do with revoked certificates.) In short words, a way how to make do I have provided, ultimately can handle everyone as he wants, otherwise I am very realistic and facts speak for themselves. In .NET Framework I thought of update rollups that are of particular interest for new installations. (There are any resembled the *.msp files within a Hotfixinstallerpaket summarized)

@hmuellers Damage can be a root certificates update is not (Unfortunately, I do not know what the future Microsoft still plans), but safety relevant are the revoked certificates! (Since it's enough if automatic updates are enabled, you might get accidental harmful update because the safety chain is open.) On the subject of the .NET Framework installation with update (.NET 3.5 and 4) I have times with the "hotfixinstaller" in the update packages deals. Now, all .NET 3.5 updates, and .NET 4 updates have each combined into one package. A test installation under VMware with a processor (2.4 Ghz) and 512MB memory (Complete .NET 3.5 & 4) I have 25 minutes. required! What do you think about it?

@hmuellers Firefox and Oracle Java has its own certificate management and is not dependent on the Windows Internal Certificate Management. By comparison, Chrome, IExplorer, automatic updates, RDP 7 (Encrypted connection possible), ect . is dependent on the Windows Internal Certificate Management. Note: My .NET lists I have also been updated. @Dave-H Regarding the "crypt32" entries in the eventlog means that the root certificates in Windows is updated, if a certificate is detected that does not originate from a certified body. So to say only to need. (this function applies to experts as controversial possibly vulnerable, since possibly someone one could foist a rotten root certificate.) What however with revoked certificates under Windows XP (as Windows Vista automatically) does not take place! "rootsupd.exe" is of interest for a new installation or if this function (crypt32) subsequently uninstalled / deactivated. Here is a list of root certificates from Windows XP to New installation and running "rootsupd.exe": Here is a list of rekoved certificates from Windows XP to New installation and running "rvkroots.exe" (Security Advisories): Based on the lists, you can look in the Certificate Manager and make a comparison.

@glnz How are you, you have already installed the updates? If so far everything has worked out?