POSReady 2009 updates ported to Windows XP SP3 ENU

[XPHomeSP3]

23 hours ago, win32 said:

Since it was released in July 2019 and is a non-security update, it probably falls into the same category as the Windows 2000 updates and wasn't meant for public release.

Well, here's the thing with this theory:

If you go to the Microsoft page for How to Configure Daylight Saving Time for Microsoft Windows Operating Systems and scroll down to July 2019 update section and expand it, you will see they have the following information:

Note: This update was revised on August 13, 2019, to apply to Windows Embedded POSReady 2009

It would seem to me it was indeed meant for public release but someone at Microsoft somehow overlooked the fact it was supposed to be added to the update catalog.  (Of course, I could be completely wrong though.)

I have also tried to post a comment about this fact at the Time Zone Updates for Brazil are Available blog posting at the Microsoft Daylight Saving Time & Time Zone Blog but it refuses to let me do so for some reason.  (Maybe Microsoft knows we're on their trail.)  

Perhaps while I'm minding the register at one of my supermarkets in Casablanca someone here could kindly try and post a comment on my behalf (or your behalf) and see if we can get an answer from someone.

[FranceBB]

@XPHomeSP3 Done!

Quote

Hi there,

sorry for the very late reply, but I'm a Windows Embedded POSReady customer and I didn't receive the update through Windows Update when it was released. 

I noticed that on this page Link in the "July 2019 update" it says "this update was revised on August 13, 2019, to apply to Windows Embedded POSReady 2009" so it should be publicly available for people to download, however it isn't: letting the OS search for it within Windows Update doesn't show any new update and there's no sign of it in the Microsoft Update Catalog: KB4507704 I mean, it's there for pretty much every OS but not for Windows Embedded POSReady 2009. Is there a way we can get the update on our tills?

 

Thank you in advance,

Frank.

 

[XPHomeSP3]

Well done and thank you, FranceBB!

While eagerly awaiting a positive response from Micorosft regarding your inquiry, I'll be making sure the produce section is well stocked and it's newly installed POSReady 2009 register is ready for the KB4507704 update to be applied.

[win32]

Quote

Hi @francebb 

 

according to the first post here, Microsoft released the updates containing the new DST rule for the OS's in July/2019...But as you can see in this article below, the OS version you mentioned is not supported anymore since April/2019...So I believe that you must not expect for updates for it....

Check this out:
     End of support for Windows Embedded 2009 (published: January 29, 2019)
     https://support.microsoft.com/en-us/help/4489209/end-of-support-for-windows-embedded-2009

 

Regards.

The runaround.

But the guy seems to be a

Quote

Staff Software Engineer for collaboration/mail products

So he may not be able to do much for Windows.

[XPHomeSP3]

8 hours ago, win32 said:

The runaround.

But the guy seems to be a

So he may not be able to do much for Windows.

Maybe not, but, if you're so inclined, I would suggest you reply with something along the lines of, 

"Well, could you kindly explain why Microsoft would make an update available for a system that is out of support yet has publically available information with clear instructions for obtaining it for said system here:

https://support.microsoft.com/en-ca/help/4507704/dst-changes-in-windows-for-brazil-and-morocco "

Keep shaking the apple tree.  Something will hopefully fall out of it soon. 

Edited April 28, 2020 by XPHomeSP3
fixed typos

[Mcinwwl]

Well, MU keeps surprising me with new updates:

Fun fact is, that I've been actively looking for driver updates for the printer up to 2015 via hp website and nothing popped up. now I get new updates every month

I found out that newest for XP 32bit is 11.1.1.9 on some shady website, but I'll wait a month longer to see If I'll get new offering with next patch Tuesday.

[FranceBB]

I wanna talk about 0patch again.

I installed it on my system which is fully updated and it found a whopping number of vulnerabilities which can be patched. I'm gonna share a few screenshots. I also checked the service and it's using as little as 9 MB of RAM when it's in the tray icon. Free licence costs nothing, the premium one is €22.95 per year per computer. Do you think it's worth it?

As to the 2020 updates, I'm particularly interested in those that are offered by 0Patch for Windows XP:

CVE-2020-0683, CVE-2020-0883, CVE-2020-0668, CVE-2020-0729, CVE-2020-0687

Edited April 28, 2020 by FranceBB

[Guest]

No, it's not worth it.

All vulnerabilities that interest you in 2020 have an  Exploitability Index Works = 2

Quote

 

2 – Exploitation Less Likely

Microsoft analysis has shown that while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product. Moreover, Microsoft has not recently observed a trend of this type of vulnerability being actively exploited in the wild. This makes it a less attractive target for attackers. That said, customers who reviewed the security update and determined its applicability within their environment should still treat this as a material update. If they are prioritizing against other highly exploitable vulnerabilities, they could rank this lower in their deployment priority.

 

Additionally, none of these vulnerabilities are exploited.

It could be interesting if 0-Patch also addressed for Win.XP OS with the resolution of the following vulnerabilities:

CVE-2020-0938,CVE-2020-1020,CVE-2020-0674.

Edited April 29, 2020 by Sampei.Nihira

[XPHomeSP3]

15 hours ago, Mcinwwl said:

Well, MU keeps surprising me with new updates:

Fun fact is, that I've been actively looking for driver updates for the printer up to 2015 via hp website and nothing popped up. now I get new updates every month

I found out that newest for XP 32bit is 11.1.1.9 on some shady website, but I'll wait a month longer to see If I'll get new offering with next patch Tuesday.

Since you seem to be the only one getting any updates for POSReady 2009, maybe you'll magically attract KB4507704 and be able to share it with those of us who are interested in installing it. 

Have you ever tried to manually search for KB4507704 on MU?

[XPHomeSP3]

16 hours ago, FranceBB said:

I wanna talk about 0patch again.

I installed it on my system which is fully updated and it found a whopping number of vulnerabilities which can be patched. I'm gonna share a few screenshots. I also checked the service and it's using as little as 9 MB of RAM when it's in the tray icon. Free licence costs nothing, the premium one is €22.95 per year per computer. Do you think it's worth it?

Do I seem to recall reading in one of your previous posts that you would be willing to pay $100.00/year for continuing security updates for XP if Microsoft ever offered it?  If so, 0patch is a much better deal if you look at it this way.

However, as I mentioned previously, 0patch told me,

"We have so far only issued two micropatches for XP (BlueKeep, EsteemAudit) - both of which were critical remotely exploitable 0days when we patched them (i.e., without an official patch by Microsoft), but Microsoft subsequently decided to provide official updates for both even though XP and 2003 were long out of support.

We have no experience with Windows Embedded but would be willing to test 0patch on it if there was sufficient interest for that.

Under current priorities, we're only issuing XP micropatches when a critical 0day comes out that affects them, but if it made financial sense for us, we'd be willing to backport more patches to these old systems."

So, it would seem the only micropatches you are currently receiving for your system are for vulnerabilities in other software you have installed on it.  (If I understand correctly how 0patch works from their user manual and FAQ.)

In the end the decision is yours as to whether you want to spring for the Premium version, but continuing to use the Free version certainly won't hurt anything.  In fact, I installed 0patch Free on a fully updated non-POSReady 2009 XP Home system the other day to see what results it would give me and it told me the following info:

• 332 patches installed
•     7 patchable modules
•   56 patches available for purchase
•     2 patches were applied
•   17 applications were patched

IMO, it's a pretty neat little program and I'm quite impressed with it so far.  Plus, you can't beat free, if that's the option you choose.

Quote

As to the 2020 updates, I'm particularly interested in those that are offered by 0Patch for Windows XP:

CVE-2020-0683, CVE-2020-0883, CVE-2020-0668, CVE-2020-0729, CVE-2020-0687

The only other thing I would add/suggest is that both you and Sampei.Nihira contact 0patch at support@0patch.com with your interest in adding the CVE's you both specifically mentioned and see what they have to say.

Please keep us posted.

Edited April 29, 2020 by XPHomeSP3
fixed typos

[Guest]

@XPHomeSP3

Mitjia has no interest in developing micro-patches for windows XP because it would not have a monetary return for the energies dedicated to this OS.
Instead with Win.7 it is different because it is still used in companies.

For CVE-2020-0938, CVE-2020-1020 vulnerabilities, the Microsoft recommended mitigations can be used.
I personally use 2 mitigations without problems in addition I added 2 other personal mitigations that I mentioned in the dedicated 3D.
For the CVE-2020-0674 vulnerability I adopted the strategy of blocking I.E.8 through an NVT OSArmor rule, more info in the dedicated 3D.

 

[FranceBB]

5 hours ago, XPHomeSP3 said:

Do I seem to recall reading in one of your previous posts that you would be willing to pay $100.00/year for continuing security updates for XP if Microsoft ever offered it?  If so, 0patch is a much better deal if you look at it this way.

True, however that was for Microsoft updates. Anyway, if 0patch is good enough and overcomes Windows Updates with as little as 23€ per year then it's fine for me.

5 hours ago, XPHomeSP3 said:

In the end the decision is yours as to whether you want to spring for the Premium version, but continuing to use the Free version certainly won't hurt anything.  In fact, I installed 0patch Free on a fully updated non-POSReady 2009 XP Home system the other day to see what results it would give me and it told me the following info:

• 332 patches installed
•   56 patches available for purchase

Yes, that's exactly the same as mine: same system (but Professional instead of Home), same values. 332 patches installed, 56 patches available for purchase.

Anyway, I'm really prone to pay for it, I just asked you all 'cause I wanted a second opinion.

Edited April 29, 2020 by FranceBB

[Mcinwwl]

Since they do not support Embedded, it is likely that some of the updates they offer are false-positives.

I would start from patching what you could get for free and check if this is not causing system's unstability.

[Mcinwwl]

10 hours ago, XPHomeSP3 said:

Since you seem to be the only one getting any updates for POSReady 2009, maybe you'll magically attract KB4507704 and be able to share it with those of us who are interested in installing it. 

Assuming that I didn't try earlier is, you know, humiliating...

[XPHomeSP3]

6 hours ago, Mcinwwl said:

I would start from patching what you could get for free and check if this is not causing system's unstability.

I agree. 

It also says on 0patch's pricing page you can contact them for a free trial so that's another option to check for any additional possible instability issues  before you decide to move to the Pro version.

I don't know if you've had a chance to peruse the 0patch user manual but I would recommend this as well.  You will find everything you need to know about its intricacies in there. 

Edited April 30, 2020 by XPHomeSP3
corrected bad link