Server 2008 Updates on Windows Vista

[Vistapocalypse]

According to Microsoft, CVE-2019-0708 is so critical that they have posted customer guidance for various unsupported Windows versions. In the case of Windows Vista, Microsoft recommends installing KB4499180 (May's security-only update for Server 2008).  The KB article in turn recommends that you first install April's Servicing stack update for Windows Server 2008 SP2.

[greenhillmaniac]

55 minutes ago, Vistapocalypse said:

According to Microsoft, CVE-2019-0708 is so critical that they have posted customer guidance for various unsupported Windows versions. In the case of Windows Vista, Microsoft recommends installing KB4499180 (May's security-only update for Server 2008).  The KB article in turn recommends that you first install April's Servicing stack update for Windows Server 2008 SP2.

Lol, Microsoft cares so little about Vista that they just straight up say: "Install Server 2008 patches, we don't care..."

[Vistapocalypse]

1 hour ago, greenhillmaniac said:

Lol, Microsoft cares so little about Vista that they just straight up say: "Install Server 2008 patches, we don't care..."

Or perhaps they say, "You want patches? Here's a critical patch that breaks your best free antivirus, lol."

 

[Vistapocalypse]

Adding insult to injury, the critical patch for Windows XP reportedly does not break Avast 18.8. There is a good discussion about mitigation etc. in this XP thread.

If Avast v.18,8 is broken, then it is probably safe to assume that AVG v.18.8 (owned by Avast) is also broken. I would never suggest relying on a 4-year-old version of Spybot, but an April 28 AskWoody post might mean that it is also broken. It also might not be a coincidence that ESET decided to end support for Vista last month. I would not call that an "announcement" because it was buried in an article about Windows 10 May 2019 update compatibility with ESET products, but it states that "Microsoft will begin to enforce their End-Of-Life policy for Vista," causing me to wonder if ESET knew something that we are just beginning to figure out? And of course there is the issue with VMware reported by Jaguarek62. Would someone who is still optimistic about the topic of this thread please post?

Edit: I was overly pessimistic on May 29. Yes, AVG was broken by the build-number change along with Avast, but both have been fixed by micro-updates. No doubt the BlueKeep patch for Windows XP did not change their build number. BTW Microsoft thinks patching BlueKeep is pretty darn important, so avoiding build 6003 is risky.

Edited June 8, 2019 by Vistapocalypse

[Jaguarek62]

20 hours ago, Vistapocalypse said:

Adding insult to injury, the critical patch for Windows XP reportedly does not break Avast 18.8. There is a good discussion about mitigation etc. in this XP thread.

If Avast v.18,8 is broken, then it is probably safe to assume that AVG v.18.8 (owned by Avast) is also broken. I would never suggest relying on a 4-year-old version of Spybot, but an April 28 AskWoody post might mean that it is also broken. It also might not be a coincidence that ESET decided to end support for Vista last month. I would not call that an "announcement" because it was buried in an article about Windows 10 May 2019 update compatibility with ESET products, but it states that "Microsoft will begin to enforce their End-Of-Life policy for Vista," causing me to wonder if ESET knew something that we are just beginning to figure out? And of course there is the issue with VMware reported by Jaguarek62. Would someone who is still optimistic about the topic of this thread please post?

Hi, im happy to report that the new may monthly rollup preview did fix the vmware issue. I mean the new preview (23rd of may). But i recommend to everyone to just stick with virtual box. Vmware keeps crashing and it is annoying though it no longer crash the os. I still can't use banking site on my laptop, cause i use id card to log in and that would cause vista to crash with win32k nonsense again. i'l keep you updated if anyone changes in future. I still use vista on my main laptop so it is easy for me to tell if new update has broken something or not.

[Vistapocalypse]

2 hours ago, Jaguarek62 said:

Hi, im happy to report that the new may monthly rollup preview did fix the vmware issue. I mean the new preview (23rd of may). But i recommend to everyone to just stick with virtual box. Vmware keeps crashing and it is annoying though it no longer crash the os. I still can't use banking site on my laptop, cause i use id card to log in and that would cause vista to crash with win32k nonsense again...

Thanks for the update! I don't see any obvious explanation in KB4499184 though. Are you sure you tried KB4499149 earlier? Regarding your banking site problem, did you see dencorso's April 22 reply? (I do not use online banking myself.)

One question you never answered: Are you using an antivirus? Even an antivirus that is not broken is noteworthy these days.

[Jaguarek62]

2 hours ago, Vistapocalypse said:

Thanks for the update! I don't see any obvious explanation in KB4499184 though. Are you sure you tried KB4499149 earlier? Regarding your banking site problem, did you see dencorso's April 22 reply? (I do not use online banking myself.)

One question you never answered: Are you using an antivirus? Even an antivirus that is not broken is noteworthy these days.

Oh sorry i didn't notice. No, i'm not using any antivirus software.I've installed the may udate as soon as it was available, but vmware was still bsoding my machine. For some unknown reason the Preview does seems to fix it (mostly). Maybe someone can try if avast will run again after this patch..

[Vistapocalypse]

A question about Win32k.sys BSOD on Server 2008 SP2 upon installation of May updates was posted at spiceworks yesterday.

Edit: It was that thread that convinced Avast to issue micro-updates for compatibility with Windows build 6.0.6003.

Edited June 8, 2019 by Vistapocalypse

[Vistapocalypse]

On 5/30/2019 at 2:01 PM, Jaguarek62 said:

...I've installed the may udate as soon as it was available, but vmware was still bsoding my machine. For some unknown reason the Preview does seems to fix it (mostly). Maybe someone can try if avast will run again after this patch..

Sorry to bother you again, but if you have skipped recent security updates in favor of the "non-security" Preview, it now occurs to me that you have not patched CVE-2019-0708 a.k.a. BlueKeep (see my post at the top of this page), among other things. And yes, avoiding all security updates since March would presumably allow Avast to be used; but installing security updates is really the whole point of this thread.

Edited June 4, 2019 by Vistapocalypse

[Jaguarek62]

9 hours ago, Vistapocalypse said:

Sorry to bother you again, but if you have skipped recent security updates in favor of the "non-security" Preview, it now occurs to me that you have not patched CVE-2019-0708 a.k.a. BlueKeep (see my post at the top of this page), among other things. And yes, avoiding all security updates since March would presumably allow Avast to be used; but installing security updates is really the whole point of this thread.

i haven't skip any updates, but i've installed preview on top of the current may updates.

[artomberus]

KB4474419 broke themes in my Vista (only classic win95-like style is available). Also it gives an error '"Windows could not connect to the System Event Notification Service service". I'm rolled back and errors dissappeared.

[Vistapocalypse]

On 6/4/2019 at 5:10 AM, artomberus said:

KB4474419 broke themes in my Vista (only classic win95-like style is available). Also it gives an error '"Windows could not connect to the System Event Notification Service service". I'm rolled back and errors dissappeared.

KB4474419 adds SHA-2 code signing support for Server 2008, which needs the update to continue receiving automatic Windows updates after July according to 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. Of course Windows Update will never deliver Server 2008 updates to Vista in any event, so the only possible benefit might be automatic updates for MS Office and Windows Defender.

Edit: KB4474419 was "updated June 11, 2019 for Windows Server 2008 SP2 to correct an issue with the SHA-2 support for MSI files."

One question: Have you also installed the preview KB4499184 that Jaguarek62 recommends above?

Edited June 11, 2019 by Vistapocalypse

[artomberus]

@Vistapocalypse, no, this update has passed my attention.  I can install it and check AVG again. I can then delete through safe mode, if something goes wrong?)

UPD. I just installed this update. Everything still works.

Edited June 4, 2019 by artomberus

[Vistapocalypse]

54 minutes ago, artomberus said:

@Vistapocalypse, no, this update [KB4499184] has passed my attention...
 

Thanks again! It sounds like the Avast/AVG issue is solved by avoiding KB4474419 - not by installing KB4499184, which you had not yet installed. I am content to let Jaguarek62 figure out the VMware issue, which might not be so closely related after all, despite producing the same BSOD.

[Vistapocalypse]

On 6/4/2019 at 12:34 PM, Vistapocalypse said:

It sounds like the Avast/AVG issue is solved by avoiding KB4474419

However KB4474419 is a May update, whereas @Stevo reported that the issue began with April updates.

Quote

All been running Ok with monthly Server 2008 updates up till April 2019 update Kb4493471 (also tried Kb4493458) now get BSOD stop error 0x0000008E WIN32K.sys...

 

Edited June 8, 2019 by Vistapocalypse