WildBill Posted December 8, 2011 Author Share Posted December 8, 2011 (edited) One caveat about MS011-013: while I believe I've faithfully ported the patch and it seems to work fine, from my analysis I'm not certain that MS took the patch quite far enough. Maybe I'm just being paranoid, but I might take a second look at their patch tomorrow as I'm not convinced that they fully closed the security hole...Edit...false alarm, it looks okay Edited December 8, 2011 by WildBill Link to comment Share on other sites More sharing options...
WildBill Posted December 9, 2011 Author Share Posted December 9, 2011 (edited) New patch posted: MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (critical). You can find it on the master list... Edited December 9, 2011 by WildBill Link to comment Share on other sites More sharing options...
tomasz86 Posted December 11, 2011 Share Posted December 11, 2011 (edited) Thanks WildBill I prepared a new version of the update.ver making script. It now works not only for updates but for service packs too! It supports only Windows 2000 at the moment but I plan to make it compatible with both XP & 2003. Now you don't even have to unpack updates - you just have to place them in HF. Unpacked or not, they'll still be processed. I also greatly improved the speed of it and made it more "pretty" (files which are being processed are now displayed on the screen).You can download it here. The URL is the same as before. Edited December 11, 2011 by tomasz86 Link to comment Share on other sites More sharing options...
tomasz86 Posted December 12, 2011 Share Posted December 12, 2011 Alright, i will try KDW, didnt know this tool. Also i'd like to know how to add a simple function from one dll into another one using "PE TOOL", is there any how to to do this?The tool i'd like to run under win2k PRO (and 2k PRO server if possible) it's here: hereTo test the tool , you have to install it under XP+ and then copy the install folder or unpack the installer.Thank you for your help.I'm very sorry for such a late reply.I actually managed to install the application in Windows 2000 using KDW and setting OS version to XP SP3 in fcwin2k.exe. The real problem is that there are a lot of dependencies missing, not only the one related to iphlpapi.dll. The dlls from KDW won't be enough to fix them because they lack some functions which are required by the program.I'll try to play with some dlls copied directly from XP and see if it's possible to achieve something. At this moment I'd say there is no more than about 20% chance that it'll run under Win2k. Link to comment Share on other sites More sharing options...
tomasz86 Posted December 16, 2011 Share Posted December 16, 2011 (edited) WildBill,I have just two questions/suggestions for you 1. What do you think about making a v10 of 2479628 (MS11-012) which would include all changes done by me (v9) and you (v7). Having two versions of the same patch is confusing and v9 is already included on the bristols' updates list. Do you have any objections against it? If not, I'd like to ask you to do it or (if you're busy and don't have time) I can do it myself.2. What do you think about making multilanguage updates? Up to now I've prepared multilanguage versions of some of your updates separately but I'd be probably much better if one update was made by just one person to avoid any unexpected issues. Checking if the update is multilanguage is pretty simple. You must just check the same update available for some other language and see if the file included is the same one (its langauge version will be English or "language neutral"). If it is then it means that it's interchangeable between different language versions of Windows and one update can be made for all of them. You just have to edit update.inf like this:[Strings]LangTypeValue = 0x0After doing so the update will install in any language version of Windows. The installer will be in English but it doesn't matter at all.3. I'd like to ask you about unofficial updates' filenames. As you've probably noticed I use the following scheme:Windows2000-UU-(HBR-)KB(zX)XXXXXX-x86-XXX.exeBy doing so it's clear what kind of update it is by just looking at the filename. It's extremely easy to separate official and unofficial updates and HBRs thanks to it. Adding the "z" before 2 in KB2* for new updates makes them listed at the end, after the older ones starting from 8/9. What's you opinion about it? I know you've sticked to the official M$ filename style but wouldn't it be better to have unofficial updates clearly distinguished from the official ones to avoid any misunderstandings?These are just my proposals I just believe that it would be nice to have some kind of "official" structure for the UUs. Please share your opinion about them. Edited December 16, 2011 by tomasz86 Link to comment Share on other sites More sharing options...
tomasz86 Posted December 29, 2011 Share Posted December 29, 2011 I added some new updates.MS07-?: SetupDiGetDeviceRegistryProperty function returns an incorrect RequiredSize value on DBCS characters in Windows 2000Windows2000-UU-HBR-KB888609-v4-x86-ENU.exeMS07-? A microcode reliability update is available that improves the reliability of systems that use Intel processorsWindows2000-UU-KB936357-v4-x86-Global.exeMS11-090: Cumulative Security Update for ActiveX Kill BitsWindows2000-UU-KBz2618451-x86-Global.exeThe first two are recompiled versions of updates made by BlackWingCat. The third one (2618451) replaces 2562937. Link to comment Share on other sites More sharing options...
tomasz86 Posted January 1, 2012 Share Posted January 1, 2012 One more update:MS11-? Security update for Windows Fax Cover Page Editor MFC componentsWindows2000-UU-HBR-KBz2584577-x86-Global.exemfc42.dll 6.2.8092.0mfc42u.dll 6.2.8092.0It's a HBR and replaces 2506212. Link to comment Share on other sites More sharing options...
MacLover Posted January 11, 2012 Share Posted January 11, 2012 I've done some tests with the updates from this month's Patch Tuesday and these are my results:MS12-002: Didn't test this one but it looks like a simple registry fix.MS12-003: Didn't even try as it updates a core system file (WINSRV.DLL)MS12-004: The DirectShow (QUARTZ.DLL,QDVD.DLL) update worked fine but the Windows Multimedia Library (WINMM.DLL,MCISEQ.DLL) part broke sound completely.MS12-005: Works (Seems PACKAGER.EXE hasn't changed much since the NT4 days...)MS12-006: Works thanks to WildBill's MS11-011 and MS11-020 updates. (SCHANNEL.DLL,WINHTTP.DLL) Link to comment Share on other sites More sharing options...
blackwingcat Posted January 11, 2012 Share Posted January 11, 2012 (edited) The worst vulnerability (in windows history) MS12-004, was showed By Microsoft I released MS12-004 for WIndows 2000 Japanese Version yesterday.But I don't have English version WINMM.DLL,MCISEQ.DLL.Is there Anyone provide me the Dlls ? Windows Legacy UpdateI've done some tests with the updates from this month's Patch Tuesday and these are my results:MS12-002: Didn't test this one but it looks like a simple registry fix.MS12-003: Didn't even try as it updates a core system file (WINSRV.DLL)MS12-004: The DirectShow (QUARTZ.DLL,QDVD.DLL) update worked fine but the Windows Multimedia Library (WINMM.DLL,MCISEQ.DLL) part broke sound completely.MS12-005: Works (Seems PACKAGER.EXE hasn't changed much since the NT4 days...)MS12-006: Works thanks to WildBill's MS11-011 and MS11-020 updates. (SCHANNEL.DLL,WINHTTP.DLL) Edited January 11, 2012 by blackwingcat Link to comment Share on other sites More sharing options...
blackwingcat Posted January 14, 2012 Share Posted January 14, 2012 Thx acus.I released English Version MS12-004 for Windows 2000 and XP SP2.You can download My Security Patch siteit includes both KB2598479 and KB2631813. Link to comment Share on other sites More sharing options...
tomasz86 Posted January 16, 2012 Share Posted January 16, 2012 (edited) Thank you MacLover for useful information and thank you BlackWingCat for these updates I've prepared some new updates too.Added:MDAC 2.81 HBR Rollup - 950982, 960071 & 961451 combined into an update rollupScript 5.8 (v2) - updated jscript.dll to the newest version953024,970063 - two new HBRs as one update (files overlap each other)959334 - a new HBR971913 - a new HBR for MSI 3.12584146 - updated version of packager.exe from Jan 2012 Security Bulletin; available in 24 languages2603381 - update from Jan 2012 Security Bulletin (registry fix only)Removed:960071,961451 - merged into one rollup together with 950982Script 5.8 - replaced by Script 5.8 (v2)DownloadPSI've also been testing MS12-006 but I think it'll be better to wait for some time before making a W2K version, just to be sure that there are no issues related to it. Edited January 16, 2012 by tomasz86 Link to comment Share on other sites More sharing options...
tomasz86 Posted January 16, 2012 Share Posted January 16, 2012 I'm not sure about it at this moment but it might be necessary to put 2603381 to HFSVCPACK_SW1 when slipstreaming in HFSLIP. I'll try to test it when I've got some time. Link to comment Share on other sites More sharing options...
tomasz86 Posted January 20, 2012 Share Posted January 20, 2012 I prepared one more update:914783 - XMLLite943729 - new Group Policy preferencesWindows2000-UU-KB914783-KB943729-x86-ENU.exeSlipstreamable from HFSVCPACK_SW1 folder. Link to comment Share on other sites More sharing options...
tomasz86 Posted January 22, 2012 Share Posted January 22, 2012 I prepared a XPS / WIC Full Pack which is inspired by this addon originally made by Yumeyao and updated by ricktendo64. It's not the same as not all files are supported in Windows 2000 (especially the newest versions coming from W7 are usually not). I also added WIC and XPS Viewer. Windows2000-XPSWIC-x86-Global.exe (HFSVCPACK_SW1)WildBill's kernel is requried. Link to comment Share on other sites More sharing options...
tomasz86 Posted February 6, 2012 Share Posted February 6, 2012 (edited) It seems that BlackWingCat has been experimenting with the kernel and CPU/RAM support difference according to the edition of Windows 2000.http://blog.livedoor.jp/blackwingcat/archives/1618044.html#morehttp://blog.livedoor.jp/blackwingcat/archives/1620055.html#moreI'm posting it here because I think it may be interesting, especially for WildBill.By the way, would it be a problem to implement multi-CPU support into your kernel, WildBill?BlackWingCat made this patch long time ago:http://blog.livedoor.jp/blackwingcat/archives/1163868.html Edited February 6, 2012 by tomasz86 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now