Jump to content

POSReady 2009 updates ported to Windows XP SP3 ENU

glnz

By glnz
in Windows XP

 Share

Recommended Posts

cc333

cc333

Posted
Posted (edited)

http://www.houstonchronicle.com/business/technology/article/Global-extortion-cyberattack-hits-dozens-of-11142481.php

Apparently XP was a major target, since the mainstream version (i.e., not updated with POSReady patches) is still vulnerable, and is still widely used within the affected organizations due primarily to severe budget cuts in their IT departments.

As a result, I think today it can be said that, once and for all, plain XP is definitely not safe. Not even good browsing habits or firewalls could stop this, apparently.

Of course, those of us who regularly apply POSReady updates to our XP systems are supposedly safe, since POSReady was patched for this particular vulnerability (those money-starved IT depts. would benefit greatly from this I think; it's technically not a supported configuration, and would thus create more headaches, but it's free compared to a complete upgrade).

EDIT: XP x64, however, was not patched. Since that is based on Server 2003, I wonder how trivial it would be to backport relevant updates from Server 2008 (it's NT6 vs. 2003's NT5, but maybe they're similar enough??). Of course, if it could be done, it probably would've been done by now, so it's probably impossible....

c

Edited by cc333
Link to comment
Share on other sites

Roffen

Roffen

Posted
Posted

"Internet Explorer 8 is not compatible with your system.

You are running Windows XP 32-bit. Although Internet Explorer 8 will not run on your system, you can download Internet Explorer 8 for other operating systems."

I am not even allowed to get a look at my downloads, but that was working as it should only a few days ago.

Is version 8 the only one usable on XP?,

Link to comment
Share on other sites
heinoganda

heinoganda

Posted
Posted (edited)

@Dave-H

17 hours ago, Dave-H said:

The first attempt on my netbook scanned for 16 hours before finally showing the list.

Complement:
It is known that WEPOS / POSReady 2009 is not intended for use on a desktop computer and officially no Office products are supported! As we could see, WU / MU regularly is no longer supported under IE. Now the fact is the WU / MU (only available via links), with the most recent cumulative update for IE8, works perfectly however only as long as there is no update for an Installed Office product. It also means that the most recent updates have to be installed manually for the installed Office products before running WU / MU on IE. Due to the current situation, automatic updates should be disabled so that the system does not cause any unnecessary CPU load.

Link for latest updates for Office 2007 products in the Download Center

At the moment, it is a way to the goal! As far as I'm concerned, I'm going to think about the next time because of a little helper, where, by means of published download links, the necessary updates are downloaded and installed. Finally, only a cross-check with WU / MU.

:)

Edited by heinoganda
Link to comment
Share on other sites
Dave-H

Dave-H

Posted
Posted

I would imagine that this problem will go away soon, as surely updates for the Office 2007 Compatibility Pack will end sometime this year, as it's ten years old.
That's usually the nominal cut-off point for support.
:)
 

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted
4 hours ago, cc333 said:

http://www.houstonchronicle.com/business/technology/article/Global-extortion-cyberattack-hits-dozens-of-11142481.php

Apparently XP was a major target, since the mainstream version (i.e., not updated with POSReady patches) is still vulnerable, and is still widely used within the affected organizations due primarily to severe budget cuts in their IT departments.

As a result, I think today it can be said that, once and for all, plain XP is definitely not safe. Not even good browsing habits or firewalls could stop this, apparently.

Of course, those of us who regularly apply POSReady updates to our XP systems are supposedly safe, since POSReady was patched for this particular vulnerability (those money-starved IT depts. would benefit greatly from this I think; it's technically not a supported configuration, and would thus create more headaches, but it's free compared to a complete upgrade).

EDIT: XP x64, however, was not patched. Since that is based on Server 2003, I wonder how trivial it would be to backport relevant updates from Server 2008 (it's NT6 vs. 2003's NT5, but maybe they're similar enough??). Of course, if it could be done, it probably would've been done by now, so it's probably impossible....

c

From your source:

Quote


... enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.


 

An image is worth a thousand words:

http://scienceblogs.com/insolence/wp-content/blogs.dir/445/files/2012/04/i-8bdf6089f2aa915f34a3cf7cc1c35975-funny-pictures-cat-says-your-disease-is-incurable.jpg

jaclaz
 

Link to comment
Share on other sites
TrevMUN

TrevMUN

Posted
Posted (edited)
Quote

An image is worth a thousand words:

http://scienceblogs.com/insolence/wp-content/blogs.dir/445/files/2012/04/i-8bdf6089f2aa915f34a3cf7cc1c35975-funny-pictures-cat-says-your-disease-is-incurable.jpg

jaclaz

And yet it's implied from the story that WannaCry will infect documents and attachments sent by infected computers.

That could mean that the initial infection isn't from a source most savvy people would identify as an obvious malware attempt, but could come in the form of attachments from people they know, already infected with the ransomware.

However, WannaCry is exploiting the SMBv1 vulnerability of which I posted a thread a month or two ago. From what was said to me elsewhere, and what observations were made in that thread, that exploitation only helps WannaCry infect a network using SMBv1 protocol without any need to transmit infected files via e-mail or document sharing. So what's the deal here?

Will plugging the SMBv1 leak stop WannaCry entirely, or just keep your machine safe on a network until you happen to touch an infected file?

EDIT: McAffee has some information about how WannaCry works, including how it infects machines, which I found just now. I edited my latest post in that other thread to reflect this.

Edited by TrevMUN
Link to comment
Share on other sites
mixit

mixit

Posted
Posted (edited)

Didn't see this posted yet, so:

The KB4012598 patch for the SMBv1 vulnerabilities exploited by WannaCrypt/WCry ransomware has also been released by MS for the following otherwise no longer supported Windows versions: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64. (Edit: Vista x86 and x64 also have this as Vista was still supported when the initial patches came out in March.)

In other words, those still using plain XP without getting on the POSReady update train can now get this SMBv1 patch as well. (For those using POSReady updates, this patch has already been superseded by this month's KB4018466.)

There are direct download links in the MS blog post referenced above, or you can get them from http://www.catalog.update.microsoft.com/Search.aspx?q=kb4012598

Edit: For those curious about such things: the code in the patched "normal" XP binaries looks to be exactly identical to their Embedded counterparts, only the timestamps, version numbers, checksums, debug info GUIDs and the installer INF file OS version checks differ.

Edited by mixit
1
Link to comment
Share on other sites
Dave-H

Dave-H

Posted
Posted

That's good to see, although a saying about horses and stable doors springs to mind!
:lol:
Hopefully at least it will prevent any re-occurrence, at least in the short term.
:)
 

Link to comment
Share on other sites
TrevMUN

TrevMUN

Posted
Posted

This is awesome. I wasn't expecting Microsoft to do that. I guess they see goodwill as a higher weighted objective compared to using this incident to push more people into abandoning XP (or Vista for that matter).

Link to comment
Share on other sites
cc333

cc333

Posted
Posted (edited)

I saw that just now. There was only one other time that Ms released an update for an EOL'ed OS, wasn't there?

Well, nevertheless, it makes me feel a bit better about XP x64!

And yes, the article did mention that the initial infection needed to be initiated by a person. I just forgot to mention it, as it was very late when I wrote that post.

EDIT: Note, however, that Vista was conspicuously not included in this post-EOL update.

Perhaps MS should reconsider "un-EOL"-ing these Windows versions for a time, given how they are apparently still being used in significant numbers.

c

Edited by cc333
Link to comment
Share on other sites
mixit

mixit

Posted
Posted (edited)
55 minutes ago, cc333 said:

EDIT: Note, however, that Vista was conspicuously not included in this post-EOL update.

That may just be an omission in the blog post (I copied the version list from there), both x86 and x64 Vista versions seem to be available at the Catalog site. Edit: Looks like Vista was still supported when this patch initially came out in March. Hard to keep track of all these EOL dates.

Edited by mixit
Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted
11 minutes ago, cc333 said:

I saw that just now. There was only one other time that Ms released an update for an EOL'ed OS, wasn't there?

Well, nevertheless, it makes me feel a bit better about XP x64!

And yes, the article did mention that the initial infection needed to be initiated by a person. I just forgot to mention it, as it was very late when I wrote that post.

EDIT: Note, however, that Vista was conspicuously not included in this post-EOL update.

Perhaps MS should reconsider "un-EOL"-ing these Windows versions for a time, given how they are apparently still being used in significant numbers.

c

And, if you want to thank someone for limiting the spreading of the virus (actually only preventing the encryption) by sheer luck (but sometimes things go better than one would expect :)), check here:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

jaclaz
 

Link to comment
Share on other sites
glnz

glnz

Posted
  • Author
Posted

Replying to mixit's post above at LINK -->

So, if we POS people have previously installed KB4012598 in mid-March and recently installed KB4018466 (which I did three days ago), we're as good as we can be on our old beat-up XP SP3 x86 machines?  We don't need to throw our PCs down the garbage chute before they explode?  Or add more electrical tape to the front panel?

Just want to be sure I don't have to put on my sneakers and bomb-disposal gear.  (I suppose Dave-H would call them "trainers" and "UXB tunics".)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...