Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
Jody Thornton

Microsoft patches Windows XP to fight 'WannaCry' attacks

Recommended Posts

28 minutes ago, sdfox7 said:

I went to Windows Update to see if this update was available, and actually can't access Windows Update. Can anyone confirm if WU still works? I disabled SSL 3.0 because most sites don't work with it due to POODLE.

wupupd.jpg

I'm at work and we have two XP machines in use here.  I tried using Windows Update and cannot.  The Automatic Updates service is running.  But the page won't render in Internet Explorer 8.  Also getting to the Update Catalog in Firefox ESR appears to be problematic from these XP machines.

:(

Share this post


Link to post
Share on other sites

The patch was released in March - so if you have kb4012598 then you're fine. EDIT: XP patch also available here.

It is also available from this page along with the Vista, etc., patches as well.

2017-05-14_071034.jpg

Edited by Luxman
  • Upvote 1

Share this post


Link to post
Share on other sites
9 minutes ago, JodyT said:

I'm at work and we have two XP machines in use here.  I tried using Windows Update and cannot.  The Automatic Updates service is running.  But the page won't render in Internet Explorer 8.  Also getting to the Update Catalog in Firefox ESR appears to be problematic from these XP machines.

:(

JodyT

I'm not sure what is causing your Firefox issues. I'm not having any issues with Firefox ESR 52.1.1. The update is also available manually from the Windows Update Catalog, using Google Chrome 49.0.2623.112.

I have to admit, the catalog is slower than molasses!

http://www.catalog.update.microsoft.com/Search.aspx?q=kb4012598

kb4012598.jpg

kb4012598_2.jpg

Share this post


Link to post
Share on other sites
5 hours ago, JodyT said:

I'm at work and we have two XP machines in use here.  I tried using Windows Update and cannot.  The Automatic Updates service is running.  But the page won't render in Internet Explorer 8.  Also getting to the Update Catalog in Firefox ESR appears to be problematic from these XP machines.

Currently, it seems that the redirection was consciously changed by MS for WU/MU under IE. Whether this changes again is in the stars!
As an alternative, following web links for Internet Explorer:

for Windows Update	http://update.microsoft.com/windowsupdate

for Microsoft Update	http://update.microsoft.com/microsoftupdate


Here is a nice picture of our railway stations in Germany.

C_pw0vzWAAESddW.jpg

Image source Twitter

:)

Edited by heinoganda

Share this post


Link to post
Share on other sites

It is advisable to uninstall file and print sharing on Windows XP?

1) http://ca.huji.ac.il/services/security/sharingXP-uninstall.shtml

2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

Name: SMBDeviceEnabled Type: DWORD (REG_DWORD) Data: 0

3) services.msc - Stop and disable server service

Verify netstat -an

What could be the best method?

______________________________________

https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites
8 hours ago, JodyT said:

I'm at work and we have two XP machines in use here.  I tried using Windows Update and cannot.  The Automatic Updates service is running.  But the page won't render in Internet Explorer 8.  Also getting to the Update Catalog in Firefox ESR appears to be problematic from these XP machines.

:(

JodyT

The built-in http://windowsupdate.microsoft.com/ functionality in Internet Explorer is currently not working (and may never again, only Microsoft knows this!)

I wonder if that got turned off last month, along with the end of Vista support.

To regain access to Windows Update, use the legacy v6 version of the site, it still works flawlessly, just as it always has!

http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

wupupd2.jpg

Edited by sdfox7
edit v6 update link
  • Upvote 1

Share this post


Link to post
Share on other sites

Thanks guys, before I went home from work, I was able to use the Microsoft Update Catalog.  So I updated the two PCs.

:)

Share this post


Link to post
Share on other sites

I've been out and about all day, so I haven't had a chance to see responses to me until just now.

17 hours ago, JodyT said:

But how is this FUD though?  This has now been demonstrated as a reality.  I realize most here run POSReady 2019 updates, so that's good, but that's not most XP users (as you've mentioned)

First, @JodyT, my remarks were not meant as a personal slight toward you. When I spoke of "the FUD crowd," I mean the sort of people who badger XP users with snide condescension or even outright vein-bulging malice. You didn't do or say anything like that in this thread, and no, I don't consider you saying you feel vindicated in your concerns as something "the FUD crowd" would say.

"The FUD crowd" is liable to treat this whole incident as a smug "I told you so." I didn't get that feeling from your comments.

That being said, the FUD narrative around XP is that there is nothing XP users can do to protect themselves ... except by upgrading to 10. Here at MSFN we know this to be false, partly because we know Microsoft is still supporting XP after a fashion, and partly because this is a community of experts and hobbyists who will jury-rig solutions to make older OSes as viable as possible.

What's been demonstrated here is not quite the fulfillment of the FUD narrative. Nevertheless, it will convince many corporate users of XP to upgrade.

16 hours ago, Mcinwwl said:

We can get away with POSready-ing our home XP's but imagine that whole, let say, British NHS is going to use this trick, and how many lawyers' bul***** might be thrown into when M$ will realize that thousands of machines are getting updates that no one have paid form :>

Indeed. This is one of the things I was thinking of when I'd mentioned that IT departments who know about the POSReady trick can't do it for executive/managerial reasons.

17 hours ago, JodyT said:

And one other thing?  Why is it not OK for Microsoft to say, "sorry we gave you 13 years of support, so now please let's move along".  Why is that a bad thing?  Microsoft needs to sell products to stay in business.  So if they aren't going to patch on older OS, then it's vulnerable.  It's not their responsibility to bail out companies that won't switch.

Correct me if I'm wrong, but I don't think I or anyone else in this thread said that Microsoft was obligated to plug this leak for the unsupported OSes. I already commented in another thread that I was completely taken by surprise by Microsoft's decision to provide this patch for XP and Vista.

I still think what I said there plays a major role in why they chose to release updates: choosing not to do so and simply saying "We warned you, you should have upgraded to Windows 10 when you had the chance" would have meant taking a serious hit in the company's reputation with potential financial repercussions. As the developer of the OSes as well as the one who decides when to stop providing updates for them, Microsoft was in a unique position to help stop WannaCry's rampage. This was not simply affecting home users, but major businesses and especially hospitals, which is a bit more serious considering it potentially puts lives at risk.

Doing nothing in the face of that might have made Microsoft seem callous, and discourage current or prospective clients from using Microsoft services or products in the future. That's the only reason why I think Microsoft didn't play the "we told you so, now pay the price" card: because they saw a risk of losing more money by doing nothing than by doing something.

Quote

And yet, we call that FUD here.  No, it's just progress.

This might be the only thing you've said which actually approaches the attitude I described as characteristic of "the FUD crowd," @JodyT, but only because it's reminiscent of the smug sort of Agent Smith-like talk to which I've been accustomed to hearing from them.

Suffice it to say, I don't agree that "it's just progress." It's more just a business model that Microsoft didn't have to follow, but continued to do so until they got to Windows 10.

Edited by TrevMUN

Share this post


Link to post
Share on other sites
10 hours ago, Sampei.Nihira said:

It is advisable to uninstall file and print sharing on Windows XP?

1) http://ca.huji.ac.il/services/security/sharingXP-uninstall.shtml

2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

Name: SMBDeviceEnabled Type: DWORD (REG_DWORD) Data: 0

3) services.msc - Stop and disable server service

Verify netstat -an

What could be the best method?

______________________________________

https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/

the exploit only affects SMB 1
if you kill everything related to SMB, you will kill SMB 2 and 3, which should not be disabled

Share this post


Link to post
Share on other sites

As far as I have tested, Microsoft did NOT put the KB4012598 update into Windows Update, so you must download and install it from the catalog.

To save people's effort of browsing that broken interface of Microsoft Update Catalog, I've dumped all URLs from the pages.

 

Security Update for Windows XP SP3 (KB4012598)
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-ara_ec0e5c3d7d1433686c5d59a144d25f99d2e42945.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_dca9b5adddad778cfd4b7349ff54b51677f36775.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-cht_a84b778a7caa21af282f93ea0cdada0f7abb7d6a.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-csy_0d3b05e28c9b74e02f8880d510236e2ca946136f.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-dan_2923c2e1c5af998fccbefdf943dd21541290970a.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-deu_c1e81e14c283f2adbbdce9c1de348b4295b6a45c.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-ell_c7096e83ecfbb487569f986f50ec9cd7bf1b6476.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-esn_1fbe054158b612f4d37558975f925469239fa4c3.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-fin_8437b82a5813c7bbfc49acf41184964571dbc4a7.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-fra_eb47689656c58ab374521babb9bdca07304d87f5.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-heb_6f350108d1fc966e2827275791f7fa59ed2b796e.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-hun_c224c0c73222bf850a7c3925aa77710374dea7c6.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-ita_fd509a8ba0a6d53bbe3ebe596ea8c8a15e0a2852.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-jpn_1836e8e67fdffb285b730c1476ec1806bc7c5658.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-kor_b2a6516e2fd541c75ebb4bcaeb15e91846ac90c5.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-nld_b5ca96f480a0c1eed967f4d61d8eb7c8ace46003.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-nor_8267b2e4fee715c7c5dc8694a9ec851fb3af2a74.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-plk_05bec673af4dad0a111aacb89fe2c463539c010e.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-ptb_916cb3aa70ee0e49588196aae0df8f19bfd1c127.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-ptg_90b15b2c32519cc241a8edebd1d912ab93b8b950.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-rus_84397f9eeea668b975c0c2cf9aaf0e2312f50077.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-sve_83fda8bb513115db20f024cecf43008fe8bc36c4.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-trk_6e77a15f3faabd3db9928e7adedcde687f412a72.exe

More links are here, if you're interested:
https://github.com/Explorer09/Ex-pit/blob/master/KB4012598-direct-links.txt

KB4012598-direct-links.txt

  • Upvote 2

Share this post


Link to post
Share on other sites
5 hours ago, vinifera said:

the exploit only affects SMB 1
if you kill everything related to SMB, you will kill SMB 2 and 3, which should not be disabled

Windows XP only has SMBv1.

Share this post


Link to post
Share on other sites
12 hours ago, TrevMUN said:

I've been out and about all day, so I haven't had a chance to see responses to me until just now.

First, @JodyT, my remarks were not meant as a personal slight toward you. When I spoke of "the FUD crowd," I mean the sort of people who badger XP users with snide condescension or even outright vein-bulging malice. You didn't do or say anything like that in this thread, and no, I don't consider you saying you feel vindicated in your concerns as something "the FUD crowd" would say.

"The FUD crowd" is liable to treat this whole incident as a smug "I told you so." I didn't get that feeling from your comments.

That being said, the FUD narrative around XP is that there is nothing XP users can do to protect themselves ... except by upgrading to 10. Here at MSFN we know this to be false, partly because we know Microsoft is still supporting XP after a fashion, and partly because this is a community of experts and hobbyists who will jury-rig solutions to make older OSes as viable as possible.

What's been demonstrated here is not quite the fulfillment of the FUD narrative. Nevertheless, it will convince many corporate users of XP to upgrade.

Indeed. This is one of the things I was thinking of when I'd mentioned that IT departments who know about the POSReady trick can't do it for executive/managerial reasons.

Correct me if I'm wrong, but I don't think I or anyone else in this thread said that Microsoft was obligated to plug this leak for the unsupported OSes. I already commented in another thread that I was completely taken by surprise by Microsoft's decision to provide this patch for XP and Vista.

I still think what I said there plays a major role in why they chose to release updates: choosing not to do so and simply saying "We warned you, you should have upgraded to Windows 10 when you had the chance" would have meant taking a serious hit in the company's reputation with potential financial repercussions. As the developer of the OSes as well as the one who decides when to stop providing updates for them, Microsoft was in a unique position to help stop WannaCry's rampage. This was not simply affecting home users, but major businesses and especially hospitals, which is a bit more serious considering it potentially puts lives at risk.

Doing nothing in the face of that might have made Microsoft seem callous, and discourage current or prospective clients from using Microsoft services or products in the future. That's the only reason why I think Microsoft didn't play the "we told you so, now pay the price" card: because they saw a risk of losing more money by doing nothing than by doing something.

This might be the only thing you've said which actually approaches the attitude I described as characteristic of "the FUD crowd," @JodyT, but only because it's reminiscent of the smug sort of Agent Smith-like talk to which I've been accustomed to hearing from them.

Suffice it to say, I don't agree that "it's just progress." It's more just a business model that Microsoft didn't have to follow, but continued to do so until they got to Windows 10.

Without delving too far into politics, this reminds me of the incident last year where the FBI reopened Clinton's email case in order to "help" her. In fact, it probably hurt her, because the email debacle had died down somewhat, and reopening the case just brought back bad memories.

Similarly, it seems clear to me that Microsoft has not issued this as a goodwill patch to "help" XP users. XP remains popular, so Microsoft is just trying to make XP appear more vulnerable and discourage its use, and by issuing a new patch, it brings XP back into the news.

Share this post


Link to post
Share on other sites

We have updated all the XP systems we have at work, as well as Windows Server 2003. Unfortunately, I can't apply the POSReady registry entry, 'cause, if they find out, I would be fired and company would have to pay a fine, otherwise I would have applied it years ago. Although our workstations are running Windows 7 Enterprise, we have many computers running XP and we are not planning to move to any other OS anytime soon. Besides, these machines are running in our intranet behind a firewall and they all have an antivirus. ;) As to wannacrypt itself, you can easily removed it with Avast, but you can't recover your file without the decryption key.

Edited by FranceBB

Share this post


Link to post
Share on other sites

err I'd rather say if they left out NT 5x unpatched, that their statement would be how insecure they are
but it doesn't fly as obviously every NT up until latest "10" is insecured

funny thing is, nobody will take the blame, nor NSA nor MS
its disgusting

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...