POSReady 2009 updates ported to Windows XP SP3 ENU

[Mcinwwl]

Uh, how many of home users use RDP? I'd say disabling it seems to be pretty wise security advice.

[heinoganda]

The tapicust.dll contained in KB982316 is only needed when the patch is run and is not copied as a file to the %windir%\system32 and %windir%\system32\dllcache folders. This patch changes the access rights to the "MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony" registry path.

Info:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Terminal Manager
Entry for Terminal Services Manager to manage RDP connections.
 

Excerpt from update_SP3GDR.inf or update_SP3QFE.inf:

[Configuration]
    UninstallCustomizationDLL=tapicust.dll
    CustomizationDll=tapicust.dll
    noPNPfiles=1
    InstallationType        = Hotfix
    InstallLogFileName      = %SP_SHORT_TITLE%.log
    UnInstallLogFileName    = %SP_SHORT_TITLE%Uninst.log
    UnInstallDirName        = $NtUninstall%SP_SHORT_TITLE%$
    EventLogKeyName         = NtServicePack
    EventLogDllName         = spmsg.dll

[PreRequisite.Uninstall]

[SecurityRegistryAfterInstall]
    "MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GR;;;NS)(A;CIOI;GR;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

Whether this patch is installed can be checked with an existing entry in the registry
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB982316".

Edited May 27, 2017 by heinoganda

[niko32]

Thanks Mathwiz, and heinoganda for clarifications.

So if I manually change permissions (remove full access for Network Service users) for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony and it's subfolders (subkeys) :), I don't really need to install this update?

Edited May 27, 2017 by niko32

[heinoganda]

The question I can not answer clearly. If you found in Registry the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB982316"?

[niko32]

No, there's not that key in registry, because I never installed it.

But I did change manually permissions for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony and accordingly to it's subkeys (unchecked full control for Network Service users).

So if that's all update KB982316 do, then I guess I'm good.

Edited May 27, 2017 by niko32

[glnz]

Two Qs to the team -

1)  Will the latest May 22 MSRT (MRT.exe) run on our Win XP SP3 machines that we've kept updated with the POS hack?  (Microsoft Update does NOT present it to me for download or installation.)

2)  A search in my XP Registry does NOT show any entry for KB982316.  However, my Microsoft Update does NOT present it to me for download or installation.  Should I look for it manually and install it?

Danke.

Edited May 27, 2017 by glnz

[niko32]

Well I'm not nearly that knowledgeable as the team leaders here.

But short answer to question 2 is that KB982316 just adds extra protection for not that likely threat. Mathwiz and heinoganda explained it in more details. I guess it all depends how paranoid you feel.

I think I did manually what this patch does, but i was just tinkering a little bit for fun.

[heinoganda]

1 hour ago, glnz said:

Will the latest May 22 MSRT (MRT.exe) run on our Win XP SP3

No, does not work!

1 hour ago, glnz said:

A search in my XP Registry does NOT show any entry for KB982316

This update can only be downloaded manually.

[Dave-H]

IIRC all versions of MRT.exe after version 5.39.12900.0 just throw an error message if you try to run them on XP.

I had no entry for KB982316 originally in my registry either, but having installed it , I now do.
Looking at previous posts, I don't think it's a fix that's relevant except in particular circumstances, but I'm assuming there's no harm in having it installed anyway.

 

[SD73]

I did not have the patched either.  However, after using the link Bersaglio posted it's installed and running!  Thanks guys!

[heinoganda]

@glnz

Who has the choice has the qual! 
Almost forgotten, Bitteschön!

@ All

Now it is time to wait until the next horror message comes due to NSA exploits. 

[glnz]

Esteemed colleagues and pen-pals - Although I too had assumed that recent versions of mrt.exe would not run on our immortal XPs, please see

LINK TO ASK WOODY POST

Is it possible that MS decided to make this mrt.exe more universally usable, as it is specifically a defense against WannaGetABeer ?

Those of you with extra experimental XP machines - WannaTry?

Edited May 27, 2017 by glnz

[Dave-H]

Well that verson does not work for me.
As expected, the KB890830 version just says it's not a valid Win32 application if I try to run it on XP.


 

Edited May 27, 2017 by Dave-H
Correction

[glnz]

Dave-H - You are correct.  Same here.  I'll go back to AskWoody and give PKCano a piece of your mind.

[dencorso]

By my reckoning, you might as well give PKCano a bigger piece of MSFN's collective mind:
There's no way it'll run on unmodified XP SP3 (w/ POSReady trick).
I've just downloaded the Windows-KB890830-V5.48.exe PKCano's given a link to.
By looking at it through PE-Explorer, I see "Subsystem Version = 6.0", so I know it wants at least Vista to run.
And, BTW, that's what makes it throw the infamous "Not a valid Win32 application." error.
But I don't give up easily so, after patching it to "Subsystem Version = 5.0", meaning 2k, I give it a shot at running and get: