Server 2008 Updates on Windows Vista

[greenhillmaniac]

10 minutes ago, Lambo said:

Vistapocalypse said: "KB4019276 was superseded by KB4056564" --> I dont have KB4019276 installed but actually I have KB4056564. So all I have to do now is that I have to run the reg file? But the reg file name is: "Windows6.0-KB4019276-TLS-x64"

Yeah, though I still need to revise it for x64.

[Vistapocalypse]

@Lambo since you are the only interested party running Vista x64 at the moment, could you please confirm that there are OSVersion values in both the TLS1.1 and TLS1.2 keys at this location in your registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

[Lambo]

On 9/4/2019 at 1:05 AM, Vistapocalypse said:

@Lambo since you are the only interested party running Vista x64 at the moment, could you please confirm that there are OSVersion values in both the TLS1.1 and TLS1.2 keys at this location in your registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

There are TLS1.1 and TLS1.2 folders in this location. 

[TurulMM]

On 9/4/2019 at 1:05 AM, Vistapocalypse said:

@Lambo since you are the only interested party running Vista x64 at the moment, could you please confirm that there are OSVersion values in both the TLS1.1 and TLS1.2 keys at this location in your registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

What OSVersion values do you exactly need? This number: 3.6.1.0.0 ? (I am also Lambo but on Win10 I used this account)

Edited September 13, 2019 by TurulMM

[Vistapocalypse]

2 hours ago, TurulMM said:

What OSVersion values do you exactly need? This number: 3.6.1.0.0 ? (I am also Lambo but on Win10 I used this account)

I do not need anything personally, having long ago manually edited my Vista x86 registry according to VistaLover's instructions. My point was that those instructions, and therefore @greenhillmaniac's Reg file, are insufficient for Vista x64. The information provided by Lambo should be sufficient for greenhillmaniac to make an x64 version of the Reg file, but it appears that he has not yet done so. If you want to manually edit your registry, a disciple of VistaLover posted instructions at another forum that include the additional edits needed for Vista x64. However, you should not expect too much from IE9 even with this enhancement.

[erpdude8]

On 9/3/2019 at 11:15 AM, Lambo said:

Vistapocalypse said: "KB4019276 was superseded by KB4056564" --> I dont have KB4019276 installed but actually I have KB4056564. So all I have to do now is that I have to run the reg file? But the reg file name is: "Windows6.0-KB4019276-TLS-x64"

There are two versions of KB4056564 Lambo.  the original one released in early March 2018 and a revised "V2" version in early May 2018.
Do you have "original" KB4056564 or the V2 version?

[Vistapocalypse]

As erpdude8 has recently pointed out elsewhere, there is a new sevicing stack update  KB4517134 this month that replaces April's KB4493730. This SSU should be installed before the September rollup. For those who have not yet upgraded to build 6003 by installing any updates released after March 2019 (e.g. me), I would dare say it should be installed instead of April's SSU.

On 5/14/2019 at 2:02 PM, Vistapocalypse said:

There is also KB4474419 for SHA-2 code signing support. It is unclear to me whether this could benefit Vista at all, but those who are actually running Server 2008 will need it to continue receiving Windows updates until January (see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS).

I am now convinced that KB4474419 is of no benefit whatsoever to those running Vista, although V2 at least causes no known issues (see this June 15 post). In order to manually install Server 2008 SP2 updates released in July 2019 or later that only have SHA-256 digital signatures, all that seems to be required is the SSU mentioned above. Windows Update appears to give Vista 6003 the cold shoulder even if SHA-2 code signing support is installed, e.g. see the P.S. in Ruan's August 21 post and ensuing discussion. If anyone disagrees with my conclusion, please explain.

Edited September 30, 2019 by Vistapocalypse
strikethrough a boo-boo

[Vistapocalypse]

On 9/21/2019 at 11:28 AM, Vistapocalypse said:

...For those who have not yet upgraded to build 6003 by installing any updates released after March 2019 (e.g. me), I would dare say [KB4517134] should be installed instead of April's SSU...

Oops! The new SSU only has an sha256 digital signature, and April's SSU is a prerequisite for such updates, hence KB4493730 apparently must be installed before KB4517134 in any case!?

[cryptoguest_01]

It seems that this month's cumulative update for IE9, KB4524135, has been released earlier than usual?

[VistaLover]

6 hours ago, Kwasiarz said:

It seems that this month's cumulative update for IE9, KB4524135, has been released earlier than usual?

... More rather a belated release to patch a vulnerability made public in September!

https://borncity.com/win/2019/10/03/internet-explorer-cumulative-update-kb4524135-10-03-2019/

Quote

The cumulative update addresses again the CVE-2019-1367 vulnerability, and this time it is shipped via both Windows Update and WSUS. The update can also be downloaded from the Microsoft Update Catalog and installed manually.

I'd still look out in the Catalog come next Patch Tuesday (Oct 8th 2019) for a newer IE9 cumulative update...

Edited October 5, 2019 by VistaLover

[cryptoguest_01]

@VistaLover You're obviously right, don't know why I even thought that.

 

Back on topic, here's a list of October updates, along with the download links:

KB4520009 - Security Only Update for Windows Server 2008 SP2 - 32-bit | 64-bit

KB4520002 - Security Monthly Quality Rollup for Windows Server 2008 SP2 - 32-bit | 64-bit

KB4519974 - Cumulative Security Update for Internet Explorer 9 - 32-bit | 64-bit

KB4524105 - Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 (and all other versions that unoficially work on Vista as well, up to 4.7.2) - MS Update Catalog Link

KB4519108 - Timezone Update for Windows Server 2008 SP2 - 32-bit | 64-bit

Edited November 7, 2019 by Kwasiarz
Added KB4519108

[Vistapocalypse]

I'm glad to see that someone is still interested enough to post a list of the latest updates. Thank you Kwasiarz.  It occurs to me that no one ever posted a list of the September updates. Of course the September rollups have now been superseded anyway, but it might bear repeating that there was a second servicing stack update, KB4517134 , that should be installed before any newer updates.

On 9/21/2019 at 11:28 AM, Vistapocalypse said:

I am now convinced that KB4474419 is of no benefit whatsoever to those running Vista, although V2 at least causes no known issues (see this June 15 post). In order to manually install Server 2008 SP2 updates released in July 2019 or later that only have SHA-256 digital signatures, all that seems to be required is the SSU mentioned above. Windows Update appears to give Vista 6003 the cold shoulder even if SHA-2 code signing support is installed, e.g. see the P.S. in Ruan's August 21 post and ensuing discussion. If anyone disagrees with my conclusion, please explain.

Nevertheless, it has come to my attention that Microsoft has continued to modify KB4474419, and v4 of the update was posted yesterday.

[erpdude8]

On 10/5/2019 at 10:24 AM, VistaLover said:

... More rather a belated release to patch a vulnerability made public in September!

https://borncity.com/win/2019/10/03/internet-explorer-cumulative-update-kb4524135-10-03-2019/

I'd still look out in the Catalog come next Patch Tuesday (Oct 8th 2019) for a newer IE9 cumulative update...

that KB4524135 IE update on 10/3 was an out-of-band update while KB4519974 was the regularly scheduled update on 10/8

On 10/9/2019 at 10:05 AM, Vistapocalypse said:

I'm glad to see that someone is still interested enough to post a list of the latest updates. Thank you Kwasiarz.  It occurs to me that no one ever posted a list of the September updates. Of course the September rollups have now been superseded anyway, but it might bear repeating that there was a second servicing stack update, KB4517134 , that should be installed before any newer updates.

Nevertheless, it has come to my attention that Microsoft has continued to modify KB4474419, and v4 of the update was posted yesterday.

I have given Vista another chance and installed Vista Business edition 64bit (basically a Vista "Pro") on my mom's old Dell Inspiron laptop on a spare 250gb western digital hard drive this past weekend and will use it until 1/14/2020.  I find that installing KB4474419 alone (by itself w/ no other recent updates from April 2019 onward) changes the Vista build number from 6002 to 6003 (as I checked winver.exe and msinfo32.exe apps)

On the other hand, I have the older SHA-2 update (KB4039648 V2) installed that greenhillmaniac mentioned more than a year ago that does not change the Vista 600x build number

 

Edited October 29, 2019 by erpdude8

[VistaLover]

On 10/29/2019 at 11:57 AM, erpdude8 said:

I find that installing KB4474419 alone (by itself w/ no other recent updates from April 2019 onward) changes the Vista build number from 6002 to 6003

I had to install recently the standalone KB4474419v4 file to enable SHA-2 code signing support in my SP2 system; I can, too, confirm it comes with raising the build number to 6003:

Edited October 30, 2019 by VistaLover

[Vistapocalypse]

13 minutes ago, VistaLover said:

I had to install recently the standalone KB4474419v4 file to enable SHA-2 code signing support in my SP2 system; I can, too,  confirm it comes with raising the build number to 6003:

Why did you have to do so my friend? What is the advantage for Vista? Can you also confirm that Windows Update is now dysfunctional? Any Server 2008 update released after March 2019 will change the build number (except perhaps cumulative updates for IE9), and the build number change apparently breaks Windows Update completely (not that WU delivers anything new to Vista in any case).