Mcinwwl Posted May 27, 2017
Uh, how many home users use RDP? I'd say disabling it seems to be pretty wise security advice.

heinoganda Posted May 27, 2017 (edited)
The tapicust.dll contained in KB982316 is only needed when the patch is run and is not copied as a file to the %windir%\system32 and %windir%\system32\dllcache folders. This patch changes the access rights to the "MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony" registry path.

Info:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Terminal Manager
Entry for Terminal Services Manager to manage RDP connections.

Excerpt from update_SP3GDR.inf or update_SP3QFE.inf:

[Configuration]
UninstallCustomizationDLL=tapicust.dll
CustomizationDll=tapicust.dll
noPNPfiles=1
InstallationType = Hotfix
InstallLogFileName = %SP_SHORT_TITLE%.log
UnInstallLogFileName = %SP_SHORT_TITLE%Uninst.log
UnInstallDirName = $NtUninstall%SP_SHORT_TITLE%$
EventLogKeyName = NtServicePack
EventLogDllName = spmsg.dll

[PreRequisite.Uninstall]

[SecurityRegistryAfterInstall]
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GR;;;NS)(A;CIOI;GR;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

Whether this patch is installed can be checked with an existing entry in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB982316".

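Added example (not part of heinoganda's post or of the update itself): a small Python parser for the DACL string in the [SecurityRegistryAfterInstall] line quoted above, listing what each trustee is granted and which trustees can modify the Telephony key. The second DACL, the trustee name table and the function names are constructed for this illustration; rights given as hex masks and deny ACEs are outside what it handles.

```python
import re

# DACL copied from the [SecurityRegistryAfterInstall] line quoted in the post above.
KB982316_DACL = ("D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GR;;;NS)"
                 "(A;CIOI;GR;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)")
# Constructed for comparison only: a DACL that gives Network Service full control.
CONSTRUCTED_WEAK_DACL = "D:(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"

TRUSTEES = {"BU": "Built-in Users", "PU": "Power Users", "NS": "Network Service",
            "LS": "Local Service", "BA": "Built-in Administrators",
            "SY": "Local System", "CO": "Creator Owner"}
RIGHTS = {"GA": "generic all", "GR": "generic read", "GW": "generic write",
          "GX": "generic execute", "SD": "delete", "RC": "read control",
          "WD": "write DAC", "WO": "write owner"}
MODIFYING = {"GA", "GW", "SD", "WD", "WO"}  # rights that let a trustee change the key


def parse_dacl(sddl):
    """Split an SDDL DACL into its flags and a list of ACE dicts."""
    m = re.fullmatch(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("not a DACL-only SDDL string")
    aces = []
    for text in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = text.split(";")
        if len(fields) != 6:
            raise ValueError("ACE needs 6 fields: " + text)
        ace_type, flags, rights, _obj, _inherit_obj, trustee = fields
        codes = re.findall("..", rights)
        if len(rights) % 2 or any(c not in RIGHTS for c in codes):
            raise ValueError("unsupported rights field: " + rights)
        aces.append({"type": ace_type, "inherit": re.findall("..", flags),
                     "rights": codes, "trustee": trustee})
    return {"protected": m.group(1).startswith("P"), "aces": aces}


def can_modify(dacl):
    """Trustee codes whose allow ACEs carry any key-modifying right."""
    return [a["trustee"] for a in dacl["aces"]
            if a["type"] == "A" and MODIFYING & set(a["rights"])]


if __name__ == "__main__":
    for name, sddl in (("KB982316", KB982316_DACL), ("constructed", CONSTRUCTED_WEAK_DACL)):
        dacl = parse_dacl(sddl)
        print(name, "protected =", dacl["protected"])
        for ace in dacl["aces"]:
            who = TRUSTEES.get(ace["trustee"], ace["trustee"])
            print("  %-24s %s" % (who, ", ".join(RIGHTS[r] for r in ace["rights"])))
        print("  can modify:", can_modify(dacl))
```
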
niko32 Posted May 27, 2017 (edited)
Thanks Mathwiz, and heinoganda for clarifications. So if I manually change permissions (remove full access for Network Service users) for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony and its subfolders (subkeys) :), I don't really need to install this update?

heinoganda Posted May 27, 2017
I cannot answer that question clearly. Did you find the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB982316" in the Registry?

niko32 Posted May 27, 2017 (edited)
No, that key is not in the registry, because I never installed it. But I did manually change permissions for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony and accordingly for its subkeys (unchecked full control for Network Service users). So if that's all update KB982316 does, then I guess I'm good.

glnz (Author) Posted May 27, 2017 (edited)
Two Qs to the team -
1) Will the latest May 22 MSRT (MRT.exe) run on our Win XP SP3 machines that we've kept updated with the POS hack? (Microsoft Update does NOT present it to me for download or installation.)
2) A search in my XP Registry does NOT show any entry for KB982316. However, my Microsoft Update does NOT present it to me for download or installation. Should I look for it manually and install it?
Danke.

niko32 Posted May 27, 2017
Well, I'm not nearly as knowledgeable as the team leaders here. But the short answer to question 2 is that KB982316 just adds extra protection against a not very likely threat. Mathwiz and heinoganda explained it in more detail. I guess it all depends on how paranoid you feel. I think I did manually what this patch does, but I was just tinkering a little bit for fun.

heinoganda Posted May 27, 2017
1 hour ago, glnz said: "Will the latest May 22 MSRT (MRT.exe) run on our Win XP SP3"
No, does not work!
1 hour ago, glnz said: "A search in my XP Registry does NOT show any entry for KB982316"
This update can only be downloaded manually.

Dave-H Posted May 27, 2017
IIRC all versions of MRT.exe after version 5.39.12900.0 just throw an error message if you try to run them on XP. I had no entry for KB982316 originally in my registry either, but having installed it, I now do. Looking at previous posts, I don't think it's a fix that's relevant except in particular circumstances, but I'm assuming there's no harm in having it installed anyway.

SD73 Posted May 27, 2017
I did not have the patch either. However, after using the link Bersaglio posted it's installed and running! Thanks guys!

heinoganda Posted May 27, 2017
@glnz Who has the choice has the qual! Almost forgotten, Bitteschön!
@ All Now it is time to wait until the next horror message comes due to NSA exploits.

glnz (Author) Posted May 27, 2017 (edited)
Esteemed colleagues and pen-pals - Although I too had assumed that recent versions of mrt.exe would not run on our immortal XPs, please see LINK TO ASK WOODY POST
Is it possible that MS decided to make this mrt.exe more universally usable, as it is specifically a defense against WannaGetABeer? Those of you with extra experimental XP machines - WannaTry?

Dave-H Posted May 27, 2017 (edited)
Well, that version does not work for me. As expected, the KB890830 version just says it's not a valid Win32 application if I try to run it on XP.

glnz (Author) Posted May 28, 2017
Dave-H - You are correct. Same here. I'll go back to AskWoody and give PKCano a piece of your mind.

dencorso Posted May 28, 2017
By my reckoning, you might as well give PKCano a bigger piece of MSFN's collective mind: There's no way it'll run on unmodified XP SP3 (w/ POSReady trick). I've just downloaded the Windows-KB890830-V5.48.exe PKCano's given a link to. By looking at it through PE-Explorer, I see "Subsystem Version = 6.0", so I know it wants at least Vista to run. And, BTW, that's what makes it throw the infamous "Not a valid Win32 application." error. But I don't give up easily so, after patching it to "Subsystem Version = 5.0", meaning 2k, I give it a shot at running and get:

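Added example (not part of dencorso's post): reading the "Subsystem Version" field that PE-Explorer displays straight from a PE optional header, and comparing it with the OS version the way the post describes. The header bytes are built inline as constructed sample data, not taken from Windows-KB890830-V5.48.exe, and the function names are chosen for this illustration.

```python
import struct

XP = (5, 1)  # Windows XP reports version 5.1


def subsystem_version(image):
    """Return (MajorSubsystemVersion, MinorSubsystemVersion) of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = e_lfanew + 4 + 20  # skip signature and 20-byte COFF file header
    if len(image) < opt + 52:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # The two version words sit at offset 48 in both PE32 and PE32+.
    return struct.unpack_from("<HH", image, opt + 48)


def meets_subsystem_requirement(image, os_version):
    """True when the OS version is at least the image's subsystem version."""
    return subsystem_version(image) <= os_version


def build_sample(major, minor):
    """Constructed minimal PE32 header carrying the given subsystem version."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)         # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 4 + 16, 96)  # SizeOfOptionalHeader
    opt = 0x40 + 4 + 20
    struct.pack_into("<H", buf, opt, 0x10B)         # PE32 magic
    struct.pack_into("<HH", buf, opt + 48, major, minor)
    return bytes(buf)


if __name__ == "__main__":
    for label, img in (("as shipped", build_sample(6, 0)),
                       ("set to 5.0", build_sample(5, 0))):
        print(label, subsystem_version(img),
              "passes check on XP:", meets_subsystem_requirement(img, XP))
```
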