VistaLover

Page saved for posterity in the webarchive: https://web.archive.org/web/20170810231809/http://www.msfn.org/board/topic/176902-enabling-tls-1112-support-in-vistas-internet-explorer-9/ @Ruan Welcome to MSFN (apparently a little too late ) Thanks for your kind words...

... I was about to post August 2017 updates for WS2008, applicable to Windows Vista SP2, in this thread, when I became aware of the devastating news... I usually hesitate to register to forums, what with making my e-mail address available to others, but never for a moment on MSFN; it's true I only joined one and a half years ago, but was a guest many years prior... The wealth of information that has accumulated over the years is simply overwhelming; it'd be such a pity if all went away just like that... Thanks to all members who already gave me 32 reps with just 34 posts - I pale in comparison to all the knowledgeable people here... @2008WindowsVista Vista being my preferred OS, I have always valued greatly your Vista related posts; I fear I might have to move to Win7 or Win8.1 soon as my main OS (but no way to Win10), your Vista transformation guides of Win7 and (yet to be published) Win8.1 was one of the few reasons I'm even considering the OS upgrades... Are they to be found somewhere else? I think I'll pm you my e-mail address so you could please notify me of your eventual new "home"... I really do not know if I'll be able to back up anything (the real question is where to start from?); 12 August 2017, but at what time and on what timezone? I am myself on UTC+03:00 currently (EEST), so little time left... I suspect Google cache will retain some pages for some days, but... At the forum maintainers: Thank you for an excellent service to a broader community

... First thing I did was to have a read of wiki's entry for IE10; according to them, there were in total six IE10 Platform Previews released; the first two ran on Win7+, but the last four ran only on Win8. Did your successful test involve IE10 Platform Preview 1 ? It appears that "the first preview release came four weeks after the final release of Internet Explorer 9", so it might be that the code hadn't diverged much then from IE9 Final, hence your ability to run it on Vista... I managed to grab myself a copy of iepreview.msi file, with a digital signature of 2011-11-22 (probably Platform Preview 2), but am reluctant to run it on my main Vista SP2 laptop; what impact, if any, did it have running on your system? Running just the extracted iepreview.exe (hence in semi-portable mode), how was the (installed) version of IE9 affected? ... and what about file associations and the like? Intriguing as your experiment seems, I think it's just that - an experiment; this IE10PP(1?) can't be used as a permanent replacement to IE9, plus it won't receive any security updates from MS; while, OTOH, IE9, with all its inherent flaws, will be patched until Jan 2020... BTW, have you tried running the .msi directly? I did myself; it doesn't warn me of an incompatible OS, in fact it appears as though the installation will proceed once I accept ToS: I haven't though, and cancelled the installation... OTOH, trying to run IE10-Windows6.1-x86-en-us.exe (off-line installer for Released IE10 for Win7) alerts me to the fact that: On a later date, when I'm feeling more adventurous, I might create a Restore Point and then go on with the ie10pp installation, just for the sake of it...

I've already mentioned this issue: Original post is about implementing TLS 1.1/1.2 support to IE9; it will allow for opening HTTPS websites that were previously inaccessible to IE9, because it would go as far as TLS 1.0. Sadly, the recent MS update has nothing to do with IE9's rendering engine, which is what's used to properly display (render) a loaded webpage . For sites that do open but don't display correctly (and/or are not fully functional) you'll have to use another, more modern, browser that supports more recent Javascript and CSS code needed to render them correctly; apologies, but I'm not an expert in HTML and web design, so my terminology might be somewhat off, but I think you still get the picture (... or lack of it, if it fails to render in IE9 ! ). Please have a read of this older forum thread ; WS 2008 SP2 is already inside Extended Support (i.e. no new features, only security updates issued for it), so I was pleasantly surprised by KB4019276 which, depending on how you look at it, could be considered as a new OS feature; OTOH, it can simply fall inside the "security" category, since it improves the "security" protocols used when accessing HTTPS web places... I don't think that MS will issue any future updates in the remaining 2.5 years (till WS 2008 SP2 becomes EOL) that would enable an upgrade of IE9's layout engine - security: YES, they are still catering for that; functionality: THEY SIMPLY DON'T CARE; else they would've upgraded their own browser to IE10 or IE11 (possibly after a Vista/WS 2008 SP3 and/or a second Platform Update...).

As all of you Vista users surely know, IE9 is the last version of the MS supplied browser that can be installed on that OS. It has several prerequisites, notably KB948465 (SP2 for Vista SP1), KB971512 (Windows Graphics, Imaging, and XPS Library) and KB2117917 (Platform update supplement for Windows Vista); you can read more here. MS had continued patching security vulnerabilities in IE9 on Vista SP2 via "Cumulative Security Updates for Internet Explorer 9 on Windows Vista SP2" up until Vista's EOL on April 11th of this year (update KB4014661). MS will continue patching IE9 on Windows Server 2008 SP2 (as, again, it's the last version installable there, too) until that product reaches its (Extended Support) EOL in 2020. If you have been following our Server 2008 Updates on Windows Vista thread, then you should have already installed follow-ups KB4018271 (May 2017), KB4021558 (June 2017) and KB4025252 (July 2017). For the rest of this post I'll assume your Vista SP2 OS (ergo IE9 copy) is fully updated even with post EOL updates intended for WS2008SP2; e.g. on my setup (Vista SP2 Home Premium 32bit), "About Internet Explorer" looks like: For those of you out there with an intention to using IE9 as your main browser on Vista, sadly, you'd have come to the conclusion it's only half-usable currently, at best; this is a result of: 1. Most modern sites have removed support for IE9 completely, via UA string sniffing: Somes sites (like Youtube) offer a workaround, for others it may be necessary to spoof the actual UA string as one from a later OS+IE version (e.g. via the "Set UA String" IE addon). 2. Many sites have moved to recent web design, so they don't render correctly (if at all) in IE9, even in "Compatibility View" (well, actually, this is to be expected; CV means the site was optimised for IE8-); FWIW, even MS pages don't display correctly now in IE9 . 3. A third scenario I find quite irritating is that many sites fail to load at all in IE9 if they use the HTTPS protocol; with the recent move of many major sites to the more secure, encrypted, HTTPS, "allegedly" to increase user privacy and security, I found the list of "secure" sites not opening in IE9 growing at a high rate; of course there's always Firefox, but it's IE9 we're discussing here... Upon investigation, I discovered this is due to IE9 on Vista only supporting TLS protocol v1.0; this is considered by today's standards no longer secure enough, so many sites using HTTPS have moved to the more secure versions 1.1, 1.2, even to 1.3! Fortunately, a recent MS update (intended for the WS2008SP2 OS) can be applied on Vista SP2 that will implement TLS 1.1/1.2 support on Vista's IE9, too! ; I have spoken about this important update here. 1. Install then KB4019276 2. Reboot the Vista machine 3. After restart, launch the Registry Editor (regedit), preferably as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 5. Delete the "OSVersion"="3.6.1.0.0" subkey; BTW, I don't know which WinOS that string refers to (Win6.1=Win7) 6. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 7. Again, delete the "OSVersion"="3.6.1.0.0" subkey. Exit Registry Editor. 8. Launch IE9; Tools -> Internet Options -> Advanced tab -> Scroll all the way down to "Security": Prior to KB4019276 and registry manipulations, only "Use TLS 1.0" had been available on Vista; you should have already unchecked the older "Use SSL 2.0/3.0" options, to avoid being targeted by "POODLE" attacks; uncheck "Use TLS 1.0" (optionally also "Use TLS 1.1") and check "Use TLS 1.2". 9. Click Apply, OK, then exit IE9. 10. Upon restarting IE9, you'll find you can now visit all those sites that previously would not load due to unsupported TLS protocols: 10. You can verify further that indeed 1.2 is being used during server-client negotiations via specialised sites or via IE9's native GUI: I honestly hope you'll find my post to be of value; enjoy your more secure (than ever before?) Vista OS!

Source: Description of Software Update Services and Windows Server Update Services changes in content for 2017 Tuesday, July 18, 2017 Non-security Updates 1. July, 2017 Preview of Quality Rollup for .NET Framework 2.0 SP2, 4.5.2 and 4.6[.1] on Windows Server 2008 SP2 (KB4032116); MS Catalog link: KB4032116 This is a .NET Framework bundle update, that breaks down to the following individual ones: 1a: May 2017 (Yes, May) Preview of Quality Rollup for .NET Framework 2.0 SP2 on Windows Server 2008 SP2 (KB4014592); I haven't been able to find concrete info on why this was re-released; FWIW, if you have been following this thread, you should've already installed this as part of the May 2017 .NET FW updates, as outlined here ; no need to re-install if already inside your list of installed .NET FW updates. 1b: July, 2017 Preview of Quality Rollup for the .NET Framework 4.5.2 on Windows Server 2008 SP2 (KB4024845); if (by choice) you're still on .NET Framework 4.5.2, then this one's for you... 1c: July, 2017 Preview of Quality Rollup for the .NET Framework 4.6 (and 4.6.1) for Windows Server 2008 SP2 (KB4024848); if on .NET Framework 4.6[.1], that's the one for you (i.e omit the previous one). But be careful: It has another one as a prerequisite: D3D Compiler Update for Windows Server 2008 SP2 (KB4019478) You must first install (manually) KB4019478 (I wasn't asked for a reboot afterwards) and then proceed to install KB4024848; the latter took some time, but did install successfully (reboot required): PS: While file NDP46-KB4024848-x86.exe obviously pertains to .NET Framework 4.6, when actually running it one sees references to .NET Framework 4.7 (also, file version is stated as 4.7.2102.5); this has me believe it actually adds 4.7 features to the 4.6.1 installed version of .NET Framework (whereas, as you know, 4.7 itself won't install on Vista SP2). 2. Update for Windows Server 2008 SP2 (KB4019276); MS Catalog link: KB4019276 This is a most important update, as it implements TLS 1.1/1.2 support systemwide (to the whole OS); you can read more at MS's KB article. TLS 1.2 is the recommended standard for server-client authentication via the HTTPS protocol, recent Firefox and several other browsers already offer support for the next iteration, TLS 1.3. One can't help but wonder why this wasn't offered earlier for the Vista OS (NT6.0), while it was still under Extended Support ; as said, it's a significant security and performance enhancement to the NT6.0 platform, making it overall more secure and robust, in tune with current tightened internet security implementations. I will post a separate topic on how to enable TLS 1.1/1.2 support on Internet Explorer 9, Vista SP2 version - I don't have WS 2008 SP2 to check, but on my Vista SP2 Home Premium (x86) OS, just installing KB4019276 (and rebooting) wasn't enough . KB4019276 requires a reboot afterwards, other than that it installed fine:

You are welcome ... Just a small oversight on my part that I'd like to address: Inside the "Palemoon" directory resides another .dll related to MS VS2013, file vcomp120.dll, still on the old version 12.0.21005.1. I advised deleting only files msvcp120.dll and msvcr120.dll (the latter is the one that appeared in your appcrash log) and according to your post that alone worked; however, just to be on the safe side, I would also advise deleting (outdated) vcomp120.dll, too; can you check for me, please? As for the video playback issue of PM 27.3.0 x64, I followed your conversation with the developer here onwards, plus read the related GitHub issue; on my 32bit platform, I fail to duplicate your issues even when I deselect "Enable MSE for WebM video"; deselecting that GUI option sets in about:config media.mediasource.webm.enabled;false The following prefs are in their default state: media.mediasource.enabled;true media.mediasource.format-reader.mp4;true media.mediasource.mp4.enabled;true With the above prefs, in a fully updated Windows Vista SP2 32bit running PM 27.3.0 (32bit), Youtube are streaming via their HTML5 player DASH, avc1 (h264) encoded, MP4 streams: As posted previously, if I set media.mediasource.webm.enabled;true then YT prefer to serve their VP9 encoded WebM streams. The PM developer said that he has no access currently to a Vista OS; the fact that their "new" MSE mp4 format reader works in Vista 32bit but not on Vista 64bit is probably something that needs to be communicated to him, for eventual fixes - AFAICT, WMF/MSE on Vista shouldn't behave differently depending on OS architecture . Some words on the browser (PM) itself: I have always been a Mozilla Firefox person myself (since v2.0.0.x); a browser is a kind of app I always like to test, so I have tested PM several times in the past - as long as Fx was/is supported on Vista, I had no real reason to convert to PM. I will continue using Fx 52.x.x ESR as my main browser on Vista until, itself, is being EOL'd, but PM is an option I seriously consider after that time... The cruel fact is that PM has simply now diverged too far from being a Fx/Gecko fork; many of the Fx addons I currently rely upon will simply not work on it; some have PM equivalents, others not; the whole PM ecosystem is now (with the Goanna 3.2 platform) significantly different to Fx and AMO; AMO treats PM 27.3.0 as Fx 27.9, despite PM having in its UA Firefox/45.9. Most 27+ Firefox addons are old and unsupported, newer versions of them use newer SDKs incompatible with PM. So a definite loss of some functionality with the eventual move to PM... . And news for a long-term Vista support isn't good either; the next platform (UXP) that will follow Goanna won't be targeting Vista...

... Whatever your video playback issues are with PaleMoon 27.3.0 x64 on Vista SP2 x64, they must be specific to that architecture . In the release notes to 27.3.0, it is stated that On my environment, i.e. Vista Home Premium SP2 32bit with all post EOL MS updates, no Flash NPAPI installed, portable PaleMoon 27.3.0 (32bit), YouTube does play fine via their HTML5 player, serving DASH, VP9 encoded, streams: Plus, when visiting youtubehtml5 I pass all six of those tests (white ticks inside blue squares). If not already, go to Options -> Content -> Video and select all 3 "Enable" options: I also have no problems playing back local MP3/M4A/MP4 files...

Sadly, I'm on 32bit Vista HP SP2, so can't test this myself - but I did download "Palemoon-Portable-27.3.0.win64.exe" and extracted it with 7-zip. File msvcr120.dll that ships with it is on version 12.0.21005.1 (dig. sig. 20131005), which is already outdated, since MS has issued several updates to it; their "Microsoft Visual C++ 2013 Redistributable" package was on version 12.0.30501.0 (dig. sig. 20140501), while update KB3138367 installs version 12.0.40649.5 (dig. sig. 20160216). But I think your issue with Palemoon x64 on Vista/WS2008 falls into what is described in Update for Visual C++ 2013 and Visual C++ Redistributable Package : Vista/WS2008 do not support AVX state saving, hence (outdated) msvcr120.dll crashes... Install KB3179560 (dig. sig. 20160707) from that page (I would suggest both x86 & x64 .exe files, English - US locale), delete msvcp120.dll & msvcr120.dll from the "Palemoon" directory and then reboot - palemoon.exe 64bit should be able to load the updated versions of these dlls from System32 - if not, do as advised by burd Hope I've helped

Greetings from tropical Greece (36 Celsius as I write ). I really think that post should have been placed in the Updates Thread , the one you started! Well, no-one claimed exclusivity here, it's not like someone's discovered a new element, given past experience from POSReady updates ported to XP (and Server 2012 ported to Win8). Perhaps the "Sardoc" person did, in fact, got his/her idea from us (in which case a mention would've been proper), or perhaps not; either way, it's not like "water been spilt on sugar" (Greek proverb!). What I'm worried the most is the event Microsoft block the installation of WS2008 updates on Vista, as they did with their "Malicious Software Removal Tool" - which will run on WS2008 but not on Vista, despite both being Windows-6.0 .

... Haven't you read the part of my post about media playback (and some gfx) capabilities of Fx 53 being seriously impaired on Vista? Fx 53 on Vista will never work the same as the 52esr branch, because under the hood some functionalities that still work in 52esr don't on 53; just compare the youtubehtml5 score of 53.0.3 (on Vista) to 52.2.0esr (on Vista): E.g., this icecast mp3 stream will play natively in a tab on 52esr, 53 won't be able to play it (and may offer to download instead, or open via a dedicated player) ...

While the proper .exe setup won't install on Vista itself, you can download and install on Vista the portable (PAF) setup, available from portableapps repo: https://downloads.sourceforge.net/portableapps/FirefoxPortable_53.0.3_English.paf.exe So no need for a Win7+ box; I have used myself pe_patch.exe http://www.the-sz.com/products/pe_patch/ to change subsys version to 6.0; place pe_patch.exe inside /App/firefox/ and simply drag & drop firefox.exe onto it - its GUI opens; just manually change "Sub System Version", then click "Save" & "Exit" in the bottom. What pe_patch.exe patching does is actually reverting bugzilla bug 1322646 ; since the Firefox 53.0 code doesn't include functions not present in the Vista (in fact XP, too) kernell, the patched firefox executable will perfectly launch on Vista SP2 (should also do on XP SP3 !). While Fx 53.0.3 should be fine on Vista for casual browsing, your "it works flawlessly" statement is, sadly, not entirely true . The Firefox devs (namely a Japanese guy who harbours some unusual aversion to Vista) were very quick/keen to excise vital Vista support code; I tried to fight their decisions in the relevant bugzilla bugs back in the day, but, as you may assume, to no avail... In fact, at the initial bugs, Mozilla were to only drop support for XP, but, in another Google Chrome aping, Vista was put in the same boat... But I'm going OT here... Bug 1324183 has removed WMF support from Firefox on Vista, so Fx 53.0.x can't use system codecs (MP3, AAC, h264) to play back standalone .mp3/.mp4/.m4a media files or play back mp3/mp4 streams via HTML5. Adobe CDM has been removed, so has support for Quicktime/VLC NPAPI plugins, so media playback is a serious drawback here... Another bug (1329547) completes what 1324183 started... You can check yourself by visiting HTML5 test or youtube html5 . In another bug, WebGL(2) renderers, at least on my machine, can't use D3D11 and fall back to D3D9x; in Fx 52.2.0, about:support, graphics section: WebGL Renderer Google Inc. -- ANGLE (Software Adapter Direct3D11 vs_4_1 ps_4_1) WebGL2 Renderer Google Inc. -- ANGLE (Software Adapter Direct3D11 vs_4_1 ps_4_1) In Fx 53.0.3: WebGL Renderer Google Inc. -- ANGLE (Mobile Intel(R) 965 Express Chipset Family Direct3D9Ex vs_3_0 ps_3_0) WebGL2 Renderer WebGL creation failed: * Error during ANGLE OpenGL init. * Error during ANGLE OpenGL init. * Error during ANGLE OpenGL init. * Error during ANGLE OpenGL init. * Error during ANGLE OpenGL init. * Exhausted GL driver caps. There is additional XP/Vista specific code that was removed in the transition from 52.0 -> 53.0, I can't go on in detail here, so after my curiosity tests running 53.0.x, I saw no real gain in running that on Vista and went back to the supported 52ESR branch (currently on 52.2.0). And to save someone the trouble of trying to launch Fx 54.0 on Vista just by lowering subsys version, it doesn't work : ... As was reported by me 14 months ago ; again, the portable installation was used. Opera 37.0.2178.54 is based on Chrome 50.0.2661.102 code, so that is why it runs fine on Vista: As Opera 36 for XP/Vista has turned out to be a sort of a "joke" (hasn't been updated since August 2016), why not use (on Vista) Opera 37 ? They should be probably equally vulnerable, security-wise ...

Hi @Vistaboy and welcome to the MSFN forums Obviously, this is not the right thread to discuss this, but... On Windows 7 and earlier, WD != MSE; I think when you install MSE, WD is disabled by default - WD is a sort of antimalware app, while MSE can be regarded as a full blown security suite . While many 3rd party Security Suites can happily coexist with standalone WD (I know Kaspersky can, but even then it is advised you disable the real-time component of WD), MSE must be the only Internet Security Suite running on your system, to avoid conflicts... And in the case of both WD & MSE, some higher CPU/RAM consumption is expected/justified during the time WU checks for (and installs, according to WU settings) definitions updates (usually once daily) and during the time a scheduled scan is performed. If you did experience quite random significant CPU usage due to MSE, then you should investigate possible conflicts particular to your setup... Just my 2cent here...

Thursday, May 25, 2017 High Priority/Non-Security Update May 25, 2017: Update for Windows Server 2008 SP2 (KB4023136) Finally released, this is 2017 - Morocco Ramadan DST changes (MUC link), it was announced for WS2008SP2 on May 18th (see here). IMHO, it's safe to disregard if not inside Morocco...

While I see you're referring to major security (and other) updates for the whole OS, I have Windows Defender enabled and I still see that "icon" pop up in the tray area to prompt me to install def updates for WD; and if you happen to have installed other MS products for which MS support is still ongoing, then, I assume, that WU icon in the tray area is still relevant...

Hello As posted, if you search on Microsoft Update Catalog for KB4019291 - May 2017, Preview of the Quality Rollups for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6[.1] for Windows Server 2008 Service Pack 2 - and click on download with Mozilla Firefox, in the pop-up that opens you get three individual links for KB4014592: May 16, 2017: Quality Rollup for the .NET Framework 2.0 SP2 for Windows Server 2008 SP2 KB4014613: May 16, 2017: Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2008 SP2 KB4014606: May 16, 2017: Quality Rollup for the .NET Framework 4.6[.1] for Windows Server 2008 SP2 You'll have to download & install windows6.0-kb4014592-x86(or -x64).msu regardless, which is the 2.0SP2 update. Then, if you're on 4.5.2 you'll have to download & install NDP45-KB4014613-x86(or -x64).exe, else if you're on 4.6/4.6.1 download & install NDP46-KB4014606-x86(or -x64).exe I can't answer those questions . I went for the latest installable version, which on Vista SP2 is 4.6.1. If you're on 4.5.2, as I see it you'll be prompted to update via WU to 4.6, the last officially supported version. As that is an in-place replacement of 4.5.2, all the 4.5.2 related updates will be uninstalled when you upgrade to 4.6, and then WU should offer you all the relevant 4.6 security and quality updates released for Vista until EOL, April 11th 2017. From then on, you should manually install all 4.6 released updates for WS2008SP2. If you manually update from 4.5.2 to 4.6.1, WU will not offer you any further updates - see also my previous post here ; all further updates will have to be installed manually. The "source" link I referenced does have such info; e.g. on KB4019291 it states: "Supersedes: KB3216520 on Windows Server 2008". But yes, I agree it's a pain in the rear end to keep track of...

Source: Description of Software Update Services and Windows Server Update Services changes in content for 2017 Tuesday, May 16, 2017 Optional/Non-Security Updates May 2017, Preview of the Quality Rollups for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6[.1] for Windows Server 2008 Service Pack 2 (KB4019291) This is a bundle, which contains: 1. May 16, 2017: Quality Rollup for the .NET Framework 2.0 SP2 for Windows Server 2008 SP2 (KB4014592) 2. May 16, 2017: Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4014613) 3. May 16, 2017: Quality Rollup for the .NET Framework 4.6[.1] for Windows Server 2008 SP2 (KB4014606) (2 or 3 should be chosen and installed according to the version of .NFW you're on...) Thursday, May 18, 2017 High Priority/Non-Security Update May 18, 2017: Update for Windows Server 2008 SP2 (KB4023136) This is actually 2017 - Morocco Ramadan DST changes and the individual update for WS 2008 SP2 will be published in the coming days:

It was never my intention to show any hint of disrespect, so my sincere apologies if it came through that way . I only suggested (without giving it much thought, apparently) what appeared to me as a convenience for fellow Vista users (i.e. ease of access, much like what is being currently done in that other Vista thread, "Last versions of software for Windows Vista and Windows Server 2008"). Again, sorry for any misunderstanding caused!

No, it did not error out when I tried to install it - if you inspect my "Installed Updates" (second) screenshot you'll see it there; I just thought, after reading what it patches, that it should be redundant for Vista ... You probably know a lot more on this than I, so it's up to you what you do ; thanks again!

You are welcome @greenhillmaniac and thanks for creating the MEGA repo; is the link to it going to be stickied in the Windows Vista forum? Or, possibly, could a mod let you create a "new" #1 post in this current thread, which could, hopefully, be updated every month from now on? And a clarification about "Update for .NFW 4.6[.1] on Windows Server 2008 (KB4020503)", published May 2nd: The relevant KB article details that it patches an error specific to "Windows PowerShell v3.0+"; since PS v3.0 isn't available on Vista SP2, I would argue that patch (that I did include in my list in my previous post and you, too, included in your repo) isn't strictly needed on Vista SP2 ...

Today (May 15th 2017) I hunted down and installed all non-security and security Windows Updates destined for Windows Server 2008 SP2 32bit (that were published after April 11th 2017) onto my Windows Vista SP2 32bit laptop; together with security updates for .NET Framework 2.0 SP2, this is how it looks in the "Installed Updates" section of my WU: Further updates for installed .NET Framework 4.6.1 (not officially supported on either Vista SP2 nor WS 2008 SP2, but still installable on both these OSes, see here) were also hunted down and installed: So far, everything seems to be working as expected... @2008WindowsVista wrote: > I didn't try any updates related to .NET Framework, as I couldn't figure out how to obtain them. Well, my starting point for locating all Windows Updates is the following MS page: Description of Software Update Services and Windows Server Update Services changes in content for 2017 This gets updated in chronological order, whenever new updates are published... You can isolate WS 2008 SP2 updates and via the KB links you can hopefully arrive to individual WUC links (and pray that the catalog site isn't crawling like a worm...). Hence, for updates issued after April 11th 2017 (Vista's EOL), I have written down the following list of updates: April 18th (nonsecurity) Update for Windows Server 2008 (KB4015193) May 2nd Update for .NFW 2.0 SP2 on Windows Server 2008 (KB4020511) Update for .NFW 4.6[.1] on Windows Server 2008 (KB4020503) May 9th Cumulative Security Update for IE9 (KB4018271) Security Update for Windows Server 2008 (KB4018466) Security Update for Windows Server 2008 (KB4018556) Security Update for Windows Server 2008 (KB4018821) Security Update for Windows Server 2008 (KB4018885) Security Update for Windows Server 2008 (KB4018927) Security Update for Windows Server 2008 (KB4019149) Security Update for Windows Server 2008 (KB4019204) Security Update for Windows Server 2008 (KB4019206) (nonsecurity) Update for Windows Server 2008 (KB4020535) "Security Update for Windows Server 2008 (KB4018196)" does not install on (client) Vista SP2, because it strictly affects a Server function (Windows DNS Server Denial of Service Vulnerability in Microsoft Windows Server 2008: May 9, 2017); as for "Malicious Software Removal Tool - May 2017 (KB890830)", it has already been discussed in this thread... .NET Framework: May, 2017 Security Only Update for .NFW 2.0 SP2, 4.6[.1] on WS 2008 SP2 (KB4019109) => [Security Only Update for the .NFW 2.0 SP2 for WS 2008 SP2 (KB4014575) & Security Only Update for the .NFW 4.6[.1] for WS 2008 SP2 (KB4014591)] May, 2017 Security and Quality Rollup for .NFW 2.0 SP2, 4.6[.1] on WS 2008 SP2 (KB4019115) => [Security and Quality Rollup for the .NFW 2.0 SP2 for WS 2008 SP2 (KB4014502) & Security and Quality Rollup for the .NFW 4.6[.1] for WS2008 SP2 (KB4014511)] NB: If you install the "Security and Quality Rollup" bundle, you need not also install the standalone "Security Only Update"; if you have not yet moved to 4.6[.1] and are still on 4.5.2, you should locate the corresponding updates for that version of .NFW ! For future reference, I will conclude by posting some helpful (to me at least) links (with the hope the mods do not mind...) :

Thanks to both @segaklon and @dencorso for their replies Yep, it's nice to know MSE can still be used on Vista!

@dencorso wrote: > Seems to me nobody did the test Apologies, I am indeed on Vista Home Premium SP2 x86, but am currently running Kaspersky Internet Security, which is incompatible with MSE . Windows Defender is only used for on-demand quick scans... It would've been a hassle for me to test MSE: 1. Uninstall KIS, then reboot. 2. Use Kaspersky Removal Tool (all settings are lost), then reboot. 3. Install MSE, then reboot. 4. Do various tests with MSE. 5. After I was finished testing, I would uninstall MSE (possibly aided by MSE Removal Tool ) then reboot. 6. Then go through the trouble of re-installing and reconfiguring KIS (another reboot required), followed by a lengthy definitions update with possibly another reboot required after that... So, a definite NO-GO it was for me... Just some additional info: On both following official MS links for MSE: https://support.microsoft.com/en-us/help/14210/security-essentials-download https://www.microsoft.com/en-us/download/details.aspx?id=5201 Vista SP1+ (both 32 & 64bit) "appears" to be supported . Both those links fetch the current client version of MSE, which is 4.10.209.0 - is this the one reported broken by @Werewolf at this previous post? I presume they disabled it via a definition update, am I correct? Version 4.4.304.0 reported as working by @segaklon has a digital signature from October 2013; is this version good/efficient enough? And how was 1) its definitions update performed, 2) itself prevented from upgrading to 4.10.209.0 ? Apologies for being a pest, I just want to establish what my options are when my KIS licence expires... Regards

Many thanks for the info . In my eyes, this looks like a promising replacement to MSRT that I could download and manually run every month... To be on the safe side, I did create a Restore Point before letting it perform a quick scan; that took ca. 12min (I recollect MSRT taking somewhat less, perhaps 7-8 min), 0 infected files were found, so all OK !

I was dismayed to discover they were that quick to remove Vista Support from MSRT - I distinctly remember that on my (now decommissioned) XP SP3 desktop, WU continued to find updated versions of MSRT many months after XP SP3 was EOL'd... But given how swift they were to disable MSE on Vista after April 11th, I can't say I was surprised ... So, Windows-KB890830-V5.48.exe wouldn't run on Vista; previous version Windows-KB890830-V5.47.exe (for April 2017) is the last that would... They have issued a statement, to be found on https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-removal-tool I suspect there now is a built-in OS version check that hinders v5.48 from running the scan on Vista ; I'll leave the task to the real experts (to query if it's even possible to lift that restriction), but as Vista and Server 2008 are both NT 6.0, I'm curious as to how they implemented it... I've never been much dependent on MSRT, so I'll not lament its deprecation on Vista... Does anyone have any prior experience with Microsoft Safety Scanner ? Latest version 1.0.3001.0 doesn't complain when started on Vista SP2, but I haven't let it perform the scan yet