Server 2008 Updates on Windows Vista

[DeathBlow]

On 11/2/2018 at 5:35 PM, greenhillmaniac said:

Thanks, made it myself with my (limited) knowledge of cmd scripting.

Is your script fool-proof? I'd been using self-made batch files (thanks to the help of WinClient5270) of your monthly folders but bottled it when I read there were updates breaking/playing havoc with performance (by the looks of it June was the last month I done, sans KB4093227-v2 for some reason?). Thankfully I've now acquired a secondary HDD I can load with monthly backup images meaning I'm able to quickly revert if things go wrong. Can I just download the lot, change the directory and run that script and it'll install everything applicable (including the .NET updates + ignoring what I've already installed)? 

[mike_shupp]

That time of the month again, and Microsoft has some Win Server 2008 SP2 updates at the MS Update Catalog site.  So far, they've come up with

KB4466536   Nov 2018 Security Update for IE 9

KB4467700   Nov 2018 Security Only Quality Update for WS 2008

KB4467706   Nov 2018 Security & Monthly Quality Rollup for WS 2008

KB4467243   Nov 2018 Security & Quality Rollup for .NET Framework  (with KB4459933 for NDP 2.0, KB4459945 for NDP 4.5, KB4459942 for NDP 4.6)

As usual, I'd suggest waiting a bit before installing things -- Microsoft's been known to change things within a few days (or even hours, on recent occasion).  Wait for GreenHillManiac to give them his blessing, that's the safest policy.

-----------

And almost as promised, a couple of these did get revised.  KB4457700 and KB4467706, the Quality Rollups for Win Server 2008 SP2, were originally dated 9 November.  The KB numbers, hashcodes, and sizes don't seem to have changed, but the dates went to 13 November., suggesting some change in the packaging info.    Same old spam but a different label on the can, that's my take, but I'm not infallible.

Edited November 17, 2018 by mike_shupp
MS made me do it!

[Tamris]

Not sure if it's the right topic to post in but:

According to this: https://www.ghacks.net/2018/11/20/running-windows-7-or-server-2008-you-will-need-this-patch/

Beginning in April next year, Microsoft will sign all updates for Server 2008 using SHA-2 instead of SHA-1, also they will release an update about a month earlier that adds SHA-2 compatibility to Server 2008. I just hope that this update will be compatible with Vista as well.

Edited November 24, 2018 by Tamris

[mike_shupp]

On 11/24/2018 at 12:23 AM, Tamris said:

Not sure if it's the right topic to post in but:

The right place and a good post.  Welcome.

[mike_shupp]

Nearer at hand, for those curious about what the future holds, Microsoft has released some Previews of next months Security and Quality Rollup Updates.  The Windows Server 2008 SP2 update is KB4467687.   The .NET Framework 2.0-4.6.2 update is KB4467227;  this contains KB4459945 (ndp45),  KB4467088 (ndp46), and KB4459933 (for .NET 2.0).    

Basically these tinker with local issues: Daylight savings time zone changes in Russia and Morocco,  revised names for currency in Venezuela, calendar revisions in Japan.  These don't seem to be immediately pressing concerns for most of us here (any of us?),  they don't deal with serious flaws in the Windows Vista/Server 2008 software, and in another couple weeks we'll have the official monthly update releases, maybe with a bit more content.  So we can all be patient.  

This is a pretty-nothing post, in other words.  GreenHillManiac has a policy of excluding routine previews from his database.   It struck me some people might be curious about what they might be missing because of that, so now you know -- Not Much.  

 

 

 

 

Edited November 28, 2018 by mike_shupp

[greenhillmaniac]

BTW, a bit late, but here are the November updates:

• Replaced Monthly Rollup with the new KB4467706 (located on the root directory of the repository)
• Added Security Only Update, KB4467700 (located in the folder "/Security Only (Post August 2018)")
• Replaced Internet Explorer Cumulative Update KB4466536 (located in the folder "/Security Only (Post August 2018)")
• Replaced .NET Framework Security and Quality with:
  -KB4459933 for .NET 2.0 SP2 (located in "/NET 2.0 SP2/Security and Quality Rollup")
  -KB4459945 for .NET 4.5.2 (located in "/NET 4.5.2/Security and Quality Rollup")
  -KB4459942 for .NET 4.6-4.6.1 (located in "/NET 4.6-4.6.1/Security and Quality Rollup")

https://mega.nz/#F!txxRyLzC!1vBMGzMHiL864f3bl1Rj1w

On 11/24/2018 at 8:23 AM, Tamris said:

Beginning in April next year, Microsoft will sign all updates for Server 2008 using SHA-2 instead of SHA-1, also they will release an update about a month earlier that adds SHA-2 compatibility to Server 2008. I just hope that this update will be compatible with Vista as well.

I think Microsoft already released this update for NT 6.0. Checkout KB4039648 on the Extras folder of the repository. They also released this update for Windows 7 in around 2015, if my mind serves me correct. What might change in the coming months is that MS may incorporate this update into the Monthly Rollups... we'll see.

EDIT: Also forgot to add the new timezone update, KB4468323. It's now in the extras folder.

Edited November 28, 2018 by greenhillmaniac

[Tamris]

I did check it out, and, well..

Quote

This update provides support for the Secure Hash Algorithm-2 (SHA-2) code signing and verification functionality in the 64-bit version of Windows Server 2008 Service Pack 2 (SP2)

(...)

Prerequisites

To install this update, you must have Windows Server 2008 SP2 64-bit installed.

Edit: Nvm, I now noticed that you have the 32-bit version in your repository, but looks like I already have it installed so I probably will be fine when April comes. (been following this thread since the time when Vista was EOL'd last year, only now made an account, also wanted to thank all people who have been keeping this thread alive since then, you guys are awesome)

And yes, you're right about Microsoft incorporating it into Monthly Rollups (March 2019 one to be exact, as said in the ghacks link I've mentioned earlier):

Quote

Microsoft published a timeline of events on a new support page:

• February 2019: The SHA-2 update is included in the Preview of Monthly Rollup updates and  available as a standalone update as well.
• March 2019: The update is included in Monthly Rollup and Security-only updates for the operating systems.
• April 2019: Starting in April, updates released in April 2019 or later will be delivered using SHA-2 signing exclusively.

 

Edited November 28, 2018 by Tamris

[dencorso]

1 hour ago, Tamris said:

April 2019: Starting in April, updates released in April 2019 or later will be delivered using SHA-2 signing exclusively.

It sure isn't a coincidence April 2019 is also POSReady 2009's EoS. 

[i430VX]

5 hours ago, dencorso said:

It sure isn't a coincidence April 2019 is also POSReady 2009's EoS. 

Do you happen to know if this will make updating on XP impossible? I.E. are they going to erase all SHA1 updates?

[dencorso]

XP doesn't care about any updates Autenticodes be them SHA-1 or SHA-2. As for whether they'll remove all updates from their servers, maybe. They just did that to the (on-demand) hotfixes, didn't they? But I doubt they'll do it right after EoS... And anyway April 9, 2019 is the last patch Tuesday for POSReady 2009, which means the 1st month without updates should be the following one (.ie.: May). Whatever MS does or doesn't do, it won't cause XP to be impossible to update, anyway. So let's let people get back on-topic, in this thread.

[Tamris]

Well, I secretly hope they keep XP updates on their servers for some time, since, if they get rid of them, it means they will get rid of Windows 2000 updates as well :(.

Edited November 29, 2018 by Tamris

[Tamris]

Okay, so updates for this month seem to be:

KB4471325 - Security Monthly Quality Rollup for Windows Server 2008

KB4471319 - Security Only Quality Update for Windows Server 2008

KB4471990 - Security and Quality Rollup for .NET Framework 3.5 SP1, 4.5.2, 4.6 (and 4.6.1) for Windows Server 2008 SP2

KB4470640 - Security and Quality Rollup for .NET Framework 4.6 (and 4.6.1) for Windows Server 2008 SP2

KB4470637 - Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2

KB4471102 - Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2008 SP2

KB4471984 - Security Only Update for .NET Framework 3.5 SP1, 4.5.2, 4.6 (and 4.6.1) for Windows Server 2008

KB4470500 - Security Only Update for .NET Framework 4.6 (and 4.6.1) for Windows Server 2008

KB4470493 - Security Only Update for .NET Framework 4.5.2 for Windows Server 2008

KB4470633 - Security Only Update for .NET Framework 3.5 SP1 for Windows Server 2008

KB4470199 - Cumulative Security Update for Internet Explorer 9 for Windows Server 2008

I think that's all of them, and seems they have decided to make 2 more .NET rollups in case people want either only updates for 3.5 or only for later ones? Or did I just unnecessarily post too many updates? Also, as usual, it's better if you wait at least a week before installing them, we never know what MS might have messed up in any of the updates this time. And I hope Mike won't be mad at me for stealing his job this 1 time lol.

Edited December 26, 2018 by Tamris
Finally added Update Catalog links for people's convenience

[mike_shupp]

4 hours ago, Tamris said:

I hope Mike won't be mad at me for stealing his job ....

Nicely done, and thank you!  My only quibble is with KB4471984, which I suggest ought to be described as KB4471990 was, to show it contains the three security only npdXX files.   Also one addition:  for those who demand everything, the December Malicious Software Removal Tool, KB890830 is out there at the MS Update Catalog as well.  (It's easily overlooked, as the same file apparently works on Win 7 and Win Server 2008 R2 as well.)

As for this being "my job" ... well, no.   The thing is, I'm multi-booting on this system with Win 10 v1809. Win 10 v1803, Win 7, and Vista.  And for most of this year, since the unveiling of the Spectre and Meltdown vulnerabilities, it's seemed sensible to keep control of system updates in my own hands rather than trust MS system updates to make everything right automatically.   To do that, I have to go out to the MS Update Catalog site at least once a month and see what's there.  Since I'm looking at updates for three operating systems, adding a fourth is no big deal.  And then I might as well share what I've learned with other Vista users, who are by definition compatriots .... and if I screw up, as alas happens now and then, we've all got GreenHillManiac to chomp down on that big cigar and set things right!

What else?  There are updates aimed specifically at .NET 3.5 this month, which is kind of ... unusual.  Unusual enough that noting them specifically is probably worth doing.  Generalizing wildly, some .NET patches conflict with others, and some don't.  Specfically, there are a batch of  .NET 2 patches, generally with names like WINDOWS6.0-KBXXXXXXX- .... MSU, that everybody ought to have on their system (or at least try to have; some of these get obsoleted and won 't install).  There are some .NET 3.5 patches, named NDP3.5xxxxx or such, and they ought to be installed.   Then there are .NET 4 patches, an unholy mess.   These last have numbers like 4.0.X, 4.5.X, 4.6.X, and 4.7.X.  The 4.0 series is aimed at Win XP, I suspect.    People with 4.5 and 4.6 versions of .NET can't use the 4.0 patches.  People with 4.5.0 can install 4.5.1 patches and 4.5.2 and so on, but not 4.6.X or 4.7.X patches.  However, people with 4.6 can install 4.7 patches -- in fact folks at MS sometime seem confused,  and you'll get something described as a .NET 4.6 patch at the MSUC site which  refers to itself as a .NET 4.7 patch during installation.

 

Hmmmm.   I seem to have made a post here even if Tamris did do the heavy lifting this time.   Christmas season, I recall, and this was a present.  Thank your for the lovely gift, Tamris!

Edited December 12, 2018 by mike_shupp

[Tamris]

Looks like Microsoft has released an out of band security update for Internet Explorer - KB4483187, Update catalog link.

Edited December 20, 2018 by Tamris

[mike_shupp]

Nah, it's new.  Just released today or yesterday, so there's no way you could have spotted it last week -- unless you're a MS test engineer.   So, you got it, and you can pat yourself on the back for posting here about it.  I'd do it myself if I were capable, but reaching from San Francisco to Poland takes a bigger arm than I've got!  But thanks!