Jump to content

An XP Update Observation


Monroe

Recommended Posts

Just finished installing the April 2014 XP updates on my machine ... went back to recheck everything with the Windows Update Tool on IE8 ... all updates were OK except that I found that I now needed an older Root Certificates update from November 2013.

Update for Root Certificates for Windows XP - November 2013 (KB931125)

I had installed the last Root Certificates from March 2014 with the March updates ...

Update for Root Certificates for Windows XP - March 2014 (KB931125)

so why I now had to go back to November 2013, I don't know. I installed it and went back for a recheck and all updates are installed ... wanted everything correct for an image backup later.

Just a heads up to others to double check the Roots Update ... may just be something with my computer setup.

...

Link to comment
Share on other sites


REALLY confused Update check! You're also aware of a KB for Revoking Root Certificates, right?

It also has a date "slightly newer" than the Nov2013 RootCerts but "slightly older" than the Mar2014 RootCerts.

http://support.microsoft.com/kb/2917500

Something's goofy about Win/MS Update site. :unsure:

edit - and oddly enough, there's an OLDER RVKROOTS KB here -

http://support.microsoft.com/kb/2728973

http://www.microsoft.com/en-us/download/details.aspx?id=30281

Edited by submix8c
Link to comment
Share on other sites

Thanks submix8c ... I have never completely understood Root Certificates. I've read your links ... I don't understand exactly what I'm reading. I think for now I will stick with my image backup with the XP March updates. I was just experimenting with the April updates to see if everything was OK.

I was waiting to see if anyone else posted that they also had the November 2013 Root Certificates update show up after having the March Root Certificates already installed.

Again, if this is not happening to anyone else then I have to figure it's on my end.

Should I fool around with more Root Certificate updates from those links you posted or just stop with the November 2013 update ... tempted to install the March 2014 RC update again to see what the Windows Update Tool reports.

Link to comment
Share on other sites

OK I found out this all happened near the end of March ... this is from the Wilders Security Forum dated April 08 2014 ...

Very strange - MS root certs for XP

Discussion in 'other security issues & news' started by FanJ, Apr 8, 2014 at 3:12 PM.

http://www.wilderssecurity.com/threads/very-strange-ms-root-certs-for-xp.362462/

(yes, I know that MS is stopping updates for XP and that today was the latest)

System: Windows XP Dutch

As you may know: updates for MS root certs on XP are optional and are differently handled compared to newer Windows versions.

The latest update for root certs for XP was from March 2014, which I had installed.

See http://www.wilderssecurity.com/threads/update-root-certs-for-windows-xp-march- 2014.361286/

Today I see that there is an update for root certs for XP dated November 2013.

To be honest, I am kind of flabbergasted that I was offered an update from November 2013 while I had installed the update from March 2014.

I am wondering whether other users on XP are seeing the same. Probably on other language versions of MS XP.

What is going on here? Is this right? Is there an error on the MS Dutch update site? Is this also happening on other language versions of XP?

Anyone know more about this? Any input is more than welcome!

Maybe I will try to upload some screenshots but I don't know whether I will succeed with that on the new board forum software.

.........

also from DSL Reports ... 25 March 2014

http://www.dslreports.com/forum/r29130460-Update-for-Root-Certificates-for-Windows-XP-recalled-on-3-25-2014-

Update for Root Certificates for Windows XP recalled on 3/25/2014?

Hello.

I just checked my two/2 XP SP3 machines' Windows Updates and noticed "Update for Root Certificates for Windows XP [November 2013] (KB931125)".

According to both machines' histories, I got "Update for Root Certificates for Windows XP [March 2014] (KB931125)" on 3/11/2014.

What's going on? Did MS recalled March 2014's root certificates?

------

Thanks for raising the question.

The same thing as you noticed, has also been noticed by folks at Wilders:

»www.wilderssecurity.com/threads/···.362462/

(with link to this thread here at DSLR/BBR)

Edited by monroe
Link to comment
Share on other sites

+1 I keep MS Updates disabled, so I only get them when I go explicitly to the MS Update site (and then use the Custom option).

The log below shows the Nov 2013 Root Certificates were available again on Mar 19, a full week + 1 day after Mar 11 (which was Patch Tuesday)! I bet MS messed up bad with the March 2014 Root Certificates, and revoked them silently right afterwards. :P

Excerpts from the MS Update History of one of my XP SP3 machines.

[...]

Windows XP Update for Root Certificates for Windows XP [Nov 2013] (KB931125) Wed, Mar 19, 2014 Microsoft Update

[...]

Windows XP Update for Root Certificates for Windows XP [Mar 2014] (KB931125) Thu, Mar 13, 2014 Microsoft Update

[...]

Windows XP Update for Root Certificates for Windows XP [Nov 2013] (KB931125) Sat, Nov 23, 2013 Microsoft Update

[...]

All other machines received the returning Nov 2013 after this month's patch Tuesday (because I didn't go to MSU site last month with the other machines).

Link to comment
Share on other sites

Exactly the same thing happened on my machine with the root certificates apparently rolling back to an older version.

Puzzled me too, glad I wasn't the only one!

Presumably root certificate updates have now ended for XP along with everything else, but what about the updates that the OS does regularly automatically, which seem to happen regardless of whether automatic updating is enabled in Windows Update?

I mean the "crypt32" entries that appear in the Windows Application log -

"Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>"

and

"Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>"

Will they now end as well, and will the OS constantly throw error messages into the log because it can't find the update?

:)

Link to comment
Share on other sites

Dave-H ... are the XP updates really done for April, who can say? Now that this November 2013 Root Certificates question is going around the web ... could MS fix and update and release a new RC later in the month or before Update Tuesday in May? Would that not still be considered an "April last XP update" ? I don't know. Thanks to dencorso and his logs, we have a pretty good idea when the March RC update was pulled.

So who knows if there still might be something released before May 13th or on May 13th ... to make things right. Kind of a shoddy way to send XP out ... you would think all the "final updates" should have been 100% correct and up to date ... just my thoughts.

I sort of asked what you are asking under another post about possible more updates for IE8 and MS Office 2000 ... since I had an Office 2007 update for Office 2000 this month (April).

This thread: Another XP Update Question ... Sort Of !

Link to comment
Share on other sites

My understanding would have been ongoing that Office 2007 updates would only be available for Vista, 7 and 8. IE 6 updates only for Server 2003, and IE 8 only for Server 2003, Vista and 7. For Office 2000, if you installed the Office 2007 Compatibility Pack, I think Microsoft Update detects those binaries as "Office 2007 being installed", and thus provides an update, but that's a one-off.

Link to comment
Share on other sites

You are probably right with future updates for MS Office. I do have the Office 2007 Compatibility Pack installed and I found out early on when the first Office 2007 update showed up, that it was "probably" OK to install the update and the later ones also ... but I had to research it all out to be sure.

I for one would be interested in what you might discover in those ISOs ... almost seems to easy, has to be a trip wire in there somewhere.

...

Edited by monroe
Link to comment
Share on other sites

almost seems to easy, has to be a trip wire in there somewhere.

...

Interesting you said that for it reminded me about the conversation I had with my dad last week. We were talking about XP EOL and he said something that caught my attention. He said that he wouldn't be shocked if M$ purposefully stated to sabotage windows XP to make it unsafe and unstable. (Maybe by giving out XP security holes or a "Reverse" update) Sadly I don't want to admit it, but I too can sadly see M$ doing something that low. If they will do that I dont believe so, but their actions in the last couple of years really doesn't help make it seem a possibility :ph34r: .

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...