heinoganda

There was an update for an ECC certificate, as this certificate is not supported under Windows XP and there were no other changes, so an info on this update was superfluous. New: CN = Microsoft ECC TS Root Certificate Authority 2018 O = Microsoft Corporation L = Redmond S = Washington C = US

@yuhong Because of the updates KB4034775 and KB4458006, the updates KB4042007, KB4050795, KB4093257 and KB4463573 should be considered as well, as they also update components of MS Jet 4.0! If KB4034775 is only supported by SSE2 processors, then it can be assumed that all follow-up updates, where the same files of KB4034775 are included, will also need SSE2 processors!

@dencorso You were faster than me, but still it would be good to include this information in the first post of this topic. That could be updated by the "resident supermegaüberhyper-ultraparanoid" from time to time!

As for your question, the settings are OK. At KB4459091, here an update was released which addresses an issue in KB4019276.

Update for TLS (KB4019276) released! This update addresses an issue where it was not possible to disable TLS 1.0 and TLS 1.1 with FIPS mode enabled. http://www.catalog.update.microsoft.com/Search.aspx?q=KB4459091 http://download.windowsupdate.com/c/msdownload/update/software/updt/2018/10/windowsxp-kb4459091-x86-embedded-enu_6f260244fafd69643591ded6624997eb2211b627.exe

To install KB4457046 you need .NET Framework 4 Extended (dotNetFx40_Full_x86_x64.exe + Finnish language pack). Unfortunately, only .NET Framework 4 Client is offered at WU / MU, hence the current problem with KB4457046 that can only be installed if .NET Framework 4 Extended is installed.

Since Chromium is being further developed and also JavaScript, it remains clear that various plugins are no longer compatible with Chromium 49. In Advanced Chrome, the JavaScript is older than by Chromium 49. On Google Chrome 49, I could to persuade μBlock 1.17.0 still working , for this which I have adapted the file manifest.json ("minimum_chrome_version": "49.0") and have taken over the file "asset-viewer.js" from the μBlock version 1.16.20.

It was only a matter of time before older Chromium versions are no longer supported by μBlock (last version which supports Chromium 49 is version 1.16.20). For this reason, you can download an older version from Github in the following link and run it in developer mode under Extensions. https://github.com/gorhill/uBlock/releases

With the registry entries only TLS 1.0, TLS 1.1 and TLS 1.2 has been activated.

Only KB4019276 and current cumulative update for IE8 (KB4462949) is needed! KB3055973 was replaced by KB3081320 and KB3081320 by KB4019276. Following the settings for the registry so that TLS 1.1 and 1.2 can be selected in IE8. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2] "OSVersion"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1] "OSVersion"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80

@Tangy Use Regedit to delete the Cert_Updater entry (under HKEY_LOCAL_MACHINE\SOFTWARE delete Cert_Updater) and then execute Cert_updater 1.6 again. The default values are then re-entered in the registry including the change of the download URL's.

No, you do not have to. Do you see the picture of this post?

@Dave-H That may be because I have implemented a Webspider function, where only on the sst file of comparison URLs accesses and if new is downloaded first. This function can also be disabled in the registry under "HKEY_LOCAL_MACHINE\SOFTWARE\Cert_Updater" for the entry "webspider_to_compare" (Default 1, Off 0). Here is a scan of Virustotal

Cert_Updater updated to version 1.6 Corrected several bugs, optimized the program, improved some features, an additional function implemented and download URL's updated. to the updated version

Update for root certificates: New: CN = Fina Root CA O = Financijska agencija C = HR CN = Hongkong Post Root CA 2 O = Hongkong Post L = Hong Kong S = Hong Kong C = HK CN = Hongkong Post Root CA 3 O = Hongkong Post L = Hong Kong S = Hong Kong C = HK URL update for Cert_Updater (insert the following code into a new text file, rename file extension txt to reg and execute it to update these entries in the registry or enter the changed URLs manually in the registry): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Cert_Updater] "SST_Download_URL"="http://wsus.ds.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en" "SST_Download_URL_D1"="http://ds.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en" Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

Cert_Updater updated to version 1.5 Corrected several bugs, optimized the program and improved some features. to the updated version

@Dave-H An error is still at the beginning and end to see again in the HTTPS proxy console, open the config.ini file in the HTTPS proxy directory, add the following entrie under [SSL pass-thru] and start HTTPS proxy again as usual. *push.opera.com* The next coming update of HTTPS Proxy will apply these entries. If you have such yellow error messages on certain web pages you can communicate them via PM. Otherwise, only Windows system log remains to see if this error still occurs.

@Dave-H Quit HTTPS Proxy, open the config.ini file in the HTTPS Proxy directory, add the following entries under [SSL Pass-Thru] and start HTTPS Proxy again as usual. *sync.opera.com* *autoupdate.geo.opera.com* Check if the error messages on the console of HTTPS Proxy still exist and if the error still occurs under Windows system log.

@Dave-H Do you have HTTPS proxy running when using Opera? If so, look for the console of HTTPS Proxy if there are yellow entries in the connections when syncing with Opera.The address (URL) of the yellow entry with the error message is needed (best the complete message) and if necessary an entry must be inserted at the config.ini.

KB4074852 and KB4134651 no longer play a role, both have been replaced by KB4134651-v2. If KB4134651-v2 is installed from MS (oleaut32.dll version 5.1.2600.7494), the file oleaut32.dll has a size of 534 KB (546,816 bytes). In the modified KB4134651-v2, the file oleaut32.dll was taken from KB4018556-v2, only the file version was changed from 5.1.2600.7248 to 5.1.2600.7494 and has a size of 550 KB (563,200 bytes). If KB4134651-v2 is installed as a modified variant, the file oleaut32.dll should be present in the folders %windir%\system32 and %windir%\system32\dllcache with the file version 5.1.2600.7494 with a file size of 550 KB (563,200 bytes). If KB4074852 and/or KB4134651 is installed, the modified update KB4134651-v2 can be easily installed, but if KB4134651-v2 is installed from MS, it must first be uninstalled. By the way, there are also problems with WLAN with KB4134651-v2 from MS.

@Dave-H It would be an advantage if you could find the certificate in the below displayed HEX data, with this error message. The problem is because of the Avast with a certificate with outdated encryption technology for me too, because at Avast the Windows XP support on the technical state of April 2014 has stopped (root certificate with outdated and unsafe encryption technology are still used). This seems to happen when the definition data is updated, which is not a problem because a backup server works with modern encryption technology. For today is once over and will go to sleep.

@BTTB In any case, the POSReady updates were installed with the parameter -n (-nobackup), which means that they can not be uninstalled regularly. If updates are installed via AU / WU or MU this is not the rule. Furthermore, a big thank you to @Mathwiz, who drew your attention to the fact with KB4134651-v2. From me you have only the "remedy" to uninstall the original update KB4134651-v2, so you could install the modified KB4134651-v2 correctly. An info in the first post of this topic regarding KB4134651-v2 would be appropriate, as long as no adequate update is available. Hopefully the MS will finally wake up and bring the oleaut32.dll file back to a state where all Windows XP variants work correctly again.

@BTTB I wrote to you via PM that you have to uninstall KB4134651-v2 and not KB4134651. The file version of KB4134651-v2 is higher than that of KB4134651, so it is sufficient to uninstall KB4134651-v2! If you can not uninstall KB4134651-v2, I can create a suitable uninstaller for you (ENU, DEU and FRA possible).

Cert_Updater updated to version 1.4 Various features implemented so that no obsolete sst files are installed. It is now possible to use additional download sources for existing download sources (up to 5), one another download source has already been added. Further information can be found in the file "Info Version 1.4.txt". to the updated version

As of Windows Vista, the functionality of UPHClean has been integrated, not UPHClean itself. UPHClean version 2.0.49.0 is, to my knowledge, a beta version. The last official version of UPHClean was version 1.6g from August 2012. Download version 1.6g from Wayback Machine