Jump to content

Server 2008 Updates on Windows Vista


Jody Thornton

Recommended Posts

Hi All,

I've dabbled with Vista off and on over the years since it's release, and I never really found it to be too bad, although I preferred XP and stuck with it until 2014, when I began using 7 more regularly.

That being said, I have a Sandy Bridge PC I built here, and I got a copy of Vista Ultimate specifically for it that I'm planning to install.

However, I'm concerned to read that the Spectre/Meltdown patches wreck its performance? Is it possible to avoid installing those updates while still getting all the others?

Thanks,

c

Link to comment
Share on other sites


CC333 asked "Is it possible to avoid installing those updates while still getting all the others?"

Sure, and why not.  So far Spectre and Meltdown and other Looming Terrors are primarily of interest to computer science students and working chip designers, rather than the rest of us.  Vast hordes of Evial Miscreants out to ruin the PCs and lives of the rest of us haven't materialized yet, and I suspect that if/when they do appear, striking at the vulnerable central core of Vista users is not going to be the primary thing on their mind.

So yes, you can skip those particular updates and things will probably go alright.   Now maybe, just maybe, you want to dual boot between Vista and Win 10, or between Vista and Linux or something like that -- then you might want to have your system's firmware brought up to modern snuff.

That said ... Y'know, at peak performance with a Sandy Bridge, you've got a 7-core processor running at 3.4 GHz.   In the WORST WORST WORST circumstances, accepting all the Intel and Microsoft updates intended to cope with Spectre/Meltdown/etc.  will cut 30% off your system performance.   Which is in some ways dismaying, but in others ... you've got a ten year old chip, you know in advance it's not going to let you conquer the world,  And yet by the standards of a few years before that -- 2006 say, when Vista was released to the world --- a 3 or 5 or 7 core computer running at 2.5 GHz would have been absolutely stunning.

So.  You want to play with Vista?  Join the club!  Welcome to the club!  And don't worry too much about the clubhouse slipping its moorings and falling into all the nearby ravines. 

 

Link to comment
Share on other sites

Hahaha! Thank you! I am honored to be a member of this club!! :lol: :)

So I guess I'll try skipping those updates... if I knew which ones they were, it'd be easier...

My system has a modest i5-2500k, so it's not the fastest to begin with, and a 30% performance cut might be too much.

People lived for 25 years with this vulnerability, to no effect. Now that we know it exists, it probably won't change anything because it's a fairly hard thing to exploit (there are many other ways a hacker could steal info that are *much* easier), plus, with older OSes, we have some obscurity to protect us.

c

Link to comment
Share on other sites

@Jody ThorntonNoted. Thanks!

To clarify my earlier post, I don't intend to have a cavalier attitude regarding security, it's just that the reality of the situation is that *every* device that has a CPU in it is affected in some way, and probably 80-90% of it will never be updated to protect against this vulnerability (which is mostly FUD, I've come to realize), so there's really not much we can do about it until new hardware comes out that has the flaws corrected, and that isn't projected to happen for at least a couple more years.

In the meantime, we can patch our computers (to a point; older ones that can't run a patched OS will never be patched unless something extraordinary happens), but what about our cars? And our network routers? Some of the more sophisticated cars and routers use CPUs not unlike what we'd see in a smartphone, so they're all just as vulnerable, and none will likely receive any kind of patch for it. Does that mean they'll be hacked? Not likely, because the success rate of a Spectre/Meltdown attack is somewhat variable (particularly on older hardware), and one needs to have physical access to the system in question (to my knowledge; I could be mistaken).

So does this mean we should forget about security? NO! We absolutely should continue patching things as usual, because there are innumerable other exploits that are potentially much, much more virulent, and must therefore be mitigated ASAP to prevent any data breaches or other such things from occurring.

I just think that it may be a waste of time to worry about this particular exploit too much, because it is mostly academic and of limited value to most hackers (in my opinion).

c

Link to comment
Share on other sites

The only real issue I see is something that @NoelCbrought up in his analysis of installing Windows 8.1 updates.  He is not so sure that skipping updates and installing later ones will produce a stable system environment.

The Windows 8.1 and Server 2012 update for Spectre and Meltdown came in March of last year.  My intention would have been to keep my system patched, and just skip the March update.  I did pretty much the same thing with Vista.  I installed the Server 2008 updates all the way through to August of this year, but I skipped the two updates I quoted above.  Slight throughput degradation was becoming evident, and higher CPU usage and CPU fans were running while I was browsing.  Also whenever I ran uTorrent v2.2.1, I could never close it.  Even using Task Manager, you could never kill the task.  I'd have to restart Vista completely.

So, I uninstalled all of the updates back to March 2018, and I removed MSE (since I heard that it's larger definitions might be responsible for the high CPU usage).  Well performance has improved SIGNIFICANTLY.

Now for me, it might matter little because I'm almost ready to dump Vista and my old workstation, for a replacement machine with Windows 8. But even then, I only plan to update to a December 2017 date line (just to see if performance stays high).  One one hand, I want to be able to patch my system (I don't want to stay at December 2017 forever), but I'm becoming unsure if skipping a month, then installing later patches will not lead to the instability I had recently with Vista.

A lot to consider.

 

Edited by Jody Thornton
Link to comment
Share on other sites

Indeed.

Well, I'll try it out, and see what happens.

I have a fully up to date and stable-as-a-rock Windows 7 install to fall back on if need be.

c

Edited by cc333
Link to comment
Share on other sites

On 8/23/2018 at 2:41 PM, greenhillmaniac said:

Time to make things right and update the repository for July and August's updates.

JULY 2018 SECURITY - ("7 - July 2018" Folder)
KB4291391 - Description of the security update for the Windows DNSAPI denial of service vulnerability
http://support.microsoft.com/help/4291391
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4291391

KB4293756 - Description of the security update for the Windows FTP Server denial of service vulnerability
http://support.microsoft.com/help/4293756
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4293756

KB4295656 - Description of the security update for the Windows kernel elevation of privilege vulnerability
http://support.microsoft.com/help/4295656
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4295656

KB4339503 - Description of the security update for the Windows elevation of privilege vulnerability
http://support.microsoft.com/help/4339503
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4339503

KB4340583 - Description of the security update for the Windows denial of service vulnerability (Spectre for Intel and AMD fix!)
http://support.microsoft.com/help/4340583
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4340583


AUGUST 2018 SECURITY - ("8 - August 2018" Folder)
KB4338380 - Description of the security update for the Windows kernel information disclosure vulnerability
http://support.microsoft.com/help/4338380
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4338380

KB4340937 - Description of the security update for the remote code execution vulnerability
http://support.microsoft.com/help/4340937
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4340937

KB4340939 - Description of the security update for the remote code execution vulnerability
http://support.microsoft.com/help/4340939
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4340939

KB4341832 - Description of the security update for the L1TF variant vulnerabilities (Meltdown and Spectre fix!)
http://support.microsoft.com/help/4341832
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4341832

KB4343674 - Description of the security update for the GDI vulnerabilities
http://support.microsoft.com/help/4343674
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4343674

KB4344104 - Description of the security update for the font library vulnerability
http://support.microsoft.com/help/4344104
http://catalog.update.microsoft.com/v7/site/search.aspx?q=4344104


NON-SECURITY - ("Extras" Folder)
KB4339284 - Time zone and DST changes in Windows for North Korea
https://support.microsoft.com/help/4339284
http://www.catalog.update.microsoft.com/search.aspx?q=4339284


.NET FRAMEWORK SECURITY AND QUALITY ROLLUP
https://support.microsoft.com/help/4345593
http://www.catalog.update.microsoft.com/Search.aspx?q=4345593

KB4344151 - .NET Framework 2.0 SP2 (".NET 2.0 SP2\Security and Quality Rollup")
https://support.microsoft.com/help/4344151

KB4344149 - .NET Framework 4.5.2 (".NET 4.5.2\Security and Quality Rollup")
https://support.microsoft.com/help/4344149

KB4344146 - .NET Framework 4.6/4.6.1 (".NET 4.6-4.6.1\Security and Quality Rollup")
https://support.microsoft.com/help/4344146


.NET SECURITY ONLY
https://support.microsoft.com/help/4345682
http://www.catalog.update.microsoft.com/Search.aspx?q=4345682

KB4344176 - .NET Framework 2.0 SP2 (".NET 2.0 SP2\Security Only")
https://support.microsoft.com/help/4344176

KB4344173 - .NET Framework 4.5.2 (".NET 4.5.2\Security Only")
https://support.microsoft.com/help/4344173

KB4344167 - .NET Framework 4.6/4.6.1 (".NET 4.6-4.6.1\Security Only")
https://support.microsoft.com/help/4344167


INTERNET EXPLORER - (Root folder of x86 or x64)
https://support.microsoft.com/en-us/help/4343205
http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4343205

I wonder who needs that timezone update for North Korea:whistle:
The Spectre and Meltdown related updates are marked as such in the repository so you can avoid them if you want.

 

Good patching!
https://mega.nz/#F!txxRyLzC!1vBMGzMHiL864f3bl1Rj1w

@greenhillmaniac  Are you missing KB4339291 & KB4339854 in July's updates?

https://support.microsoft.com/en-us/help/4339291/security-update-for-security-feature-bypass-vulnerability-in-windows

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4339291

https://support.microsoft.com/en-us/help/4339854/win32k-elevation-of-privilege-vulnerability-in-windows

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4339854

Edit: I forgot KB4340007 (.NET)

Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6

https://support.microsoft.com/en-us/help/4340007/security-only-update-for-net-framework-2-0-sp2-3-0-sp2-4-5-2-and-4-6-f

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4340007

-------------

Thanks again for keeping your repository updated :) .

 

Edited by Ruan
Link to comment
Share on other sites

1 hour ago, Ruan said:

@greenhillmaniac  Are you missing KB4339291 & KB4339854 in July's updates?

Indeed, I am :lol:

I've edited my post and added those updates to the repository.

BTW, I wasn't sure if I should add the July 2017 Security Only .NET updates because of all the issues they caused, but I guess the August updates fixed all of the issues, so I'll add the updates aswell

Link to comment
Share on other sites

@greenhillmaniac

I've got a few more .NET security updates.

KB4346407 .NET 4.6.1 from 8/10/2018

KB4346410 .NET 4.5.2 from 8/10/2018

KB4346743  .NET 2.0 from 7/31/2018

KB4340559 from 8/16/2018  (contains KB4339422 for .NET 2.0, KB4338417 for .NET 4.5.2, and KB4338420 for .NET 4.6.1)

And I'll add my thanks to Ruan's.  It's really really good to have something like your repository, which clearly separates Vista/Server 2008 gold from the chaff if other MS updates -- and I speak with the experience of installing two fresh Vista Ultimate systems in the last  several months.

 

 

Link to comment
Share on other sites

16 hours ago, mike_shupp said:

I've got a few more .NET security updates.

KB4346407 .NET 4.6.1 from 8/10/2018

KB4346410 .NET 4.5.2 from 8/10/2018

KB4346743  .NET 2.0 from 7/31/2018

These are actually just regular updates to fix bugs in the .NET July Updates. I did not come across them from my regular sources, so good catching! I'll be adding them to the repository.

16 hours ago, mike_shupp said:

KB4340559 from 8/16/2018  (contains KB4339422 for .NET 2.0, KB4338417 for .NET 4.5.2, and KB4338420 for .NET 4.6.1)

These are just the Security and Quality Rollups of July 2018, and those are always superseeded by the newest ones available (in this case, the August ones, which I already have in the repository).

16 hours ago, mike_shupp said:

And I'll add my thanks to Ruan's.  It's really really good to have something like your repository, which clearly separates Vista/Server 2008 gold from the chaff if other MS updates -- and I speak with the experience of installing two fresh Vista Ultimate systems in the last  several months.

Thank you so much. Just having people using the repo is enough motivation to keep it updated from month to month. If this makes it easier for people to stay on anything that is not W10, it's a victory :whistle:

Link to comment
Share on other sites

OK, so I briefly tested Vista with every post-EOL Server 2008 update (except the Specre and Meltdown ones), and it ran pretty much fine. It felt a bit clunky, but I attribute that to a hardware failure, as shortly after I installed the updates, my PC's motherboard died :(

So I now have to find some sort of Sandy/Ivy Bridge thing to replace it, at a price that isn't obscene (I remember when decent used motherboards could be had for ~$50 or less; what happened?!) so I can reuse my CPU.

I do have a backup computer I cobbled together running an i7-900-something (soon to be upgraded to a Xeon X5680) and 18 GB RAM, so it's not like I'm stuck without a working desktop :)

It's roughly equivalent architecturally to my 2009 Mac Pro (why not use that, you may ask? Well, it's wildfire season here in No. CA, and I want to keep my best computers packed safely in the car so they're ready to go if anything happens, again (I've already been evacuated twice :( ); It's a 40# hunk of aluminum that I *really* don't feel like lugging out of the house in an emergency (been there, done that)).

c

Link to comment
Share on other sites

11 hours ago, Chronius said:

Has anyone have any success with installing KB4338380? (I guess so since it seems I'll be the only one to have problems with it)

I just tried installing it and it says it's not applicable to my system? I found this page:

https://support.microsoft.com/en-us/help/3057448/the-update-is-not-applicable-to-your-computer-error-when-you-install-w

But I'm pretty sure none of the reasons, why it would not install, listed there does not apply to my case.

It's on my machine, though just for a few days, and I've no indication of difficulty installing it. 

Generally, I find that about one update in six fails as "not applicable" to my system.   Which I always find disconcerting, to be honest, though I ought to expect such rejections -- I've got an AMD chip as CPU so anything aimed an Intel-based system is going to pass me by.  

That said, the most common cause for a failing update is that the update has already been installed without being noticed.  It's easy to lose track of what's what if you're dealing with numbers of up;dates, especially if you've recently installed an OS and had a couple hundred updates suddenly appear.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...