Jump to content

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019


Recommended Posts

On 5/8/2021 at 11:52 AM, legacyfan said:

the fix has been found! here is the link to my project to archive all the sha2 code sign updates to fix windows updates...

You seem to think that Windows Update stopped working for Vista and earlier last year only because users did not install certain updates. What gave you that idea? Windows Update no longer works for Vista and earlier because Microsoft does not want it to work for them anymore. Dave-H and others in this thread have fully-updated XP systems, but Windows Update only gives them an error. If anyone reading this wants to update Vista, greenhillmaniac has a complete repository. As for Windows 7, the only update that has thus far been needed to get Windows Update working is SP1. Perhaps that will change today, but there is no immediate danger of Win7 updates being removed from the Catalog. :dubbio:

Link to comment
Share on other sites

  • 2 weeks later...


3 hours ago, Sampei.Nihira said:

I disagree.
Every vulnerability in my installed softwares known with remote code execution has been taken in examination, when not patched, and therefore submitted, when possible, to more mitigation and/or protection interventions.
This protection then includes any undiscovered vulnerabilities.
Even system vulnerabilities are no longer attackable by modern malware today.
It does not have the ability to act in a Windows XP OS, because it targets more modern OS and especially x64.

Well.. I didn't continue in the Roytam1 thread as you requested, but wanted to acknowledge that I also have very much the same mitigations in place to keep things in check. I agree its preventing the attack surface as best as possible without going overboard to cripple the system and becoming unusable.

as stated, I run OS: XP Pro x86 SP3 and monitor what is happening on my system diligently.

This test could be helpful and I have zero vulnerabilities from that know database. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures



Enjoy your Sunday everyone (whats left of it, anyway) :)

Edited by XPerceniol
Link to comment
Share on other sites

when ever i try to run windows update thru ie8 it keeps getting stuck trying to load some kind of fe2 windows update i don't know what its doing heres the website it keeps trying to load http://fe2.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=http://www.update.microsoft.com/microsoftupdate&ln=en-us


Edited by legacyfan
added a picture
Link to comment
Share on other sites

  • 3 weeks later...

FYI - I just generated a list of all updates (total = 21,348 links) related to 32-bit / 64-bit Windows XP by borrowing something from WSUS Offline Update:


Basically I just needed to get several files:

  • package.xml
  • gsort.exe
  • XSLT.vbs
  • xp.xsl

Download the latest version of http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab first, then run this to extract the file package.xml afterwards:

expand.exe wsusscn2.cab -F:package.cab .
expand.exe package.cab package.xml



Then I created my own file called xp.xsl and that's based on another file extract-update-cab-exe-ids-and-locations.xsl as follows:


Simply save it as xp.xsl and here's another copy:


<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:__="http://schemas.microsoft.com/msus/2004/02/OfflineSync" version="1.0">
  <xsl:output omit-xml-declaration="yes" indent="no" method="text" />
  <xsl:template match="/">
    <xsl:for-each select="__:OfflineSyncPackage/__:FileLocations/__:FileLocation">
      <xsl:if test="contains(@Url, 'windowsxp')">
        <xsl:value-of select="@Url" />

Finally put all files under the same directory and then run this, that's how I generated my own list of updates called xp.txt with 21,348 links:

cscript.exe //Nologo //B //E:vbs XSLT.vbs package.xml xp.xsl x.txt
gsort.exe -u -T . x.txt >xp.txt

Not sure if there were anything missing from the latest version of http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab or otherwise?

For instance, the oldest version of package.xml available should be https://web.archive.org/web/20051024011634/http://%E2%80%8Bdownload.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscan.cab and it's dated October 2005. Obviously the abandoned Microsoft JVM http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/msjavwu_8073687b82d41db93f4c2a04af2b34d.exe could still be found inside that particular version of package.xml.

However, it's no longer available in the latest version of package.xml anymore.

Link to comment
Share on other sites

  • 4 weeks later...
On 4/26/2021 at 7:54 PM, Dave-H said:

Thanks, I didn't think that was the problem.
It's all a bit of a mystery though.
The last version of wsusscn2.cab which works for me is the one from November 2019.
The July 2020 version, even though it's supposed to still be SHA-1 signed, doesn't work, and nor do any of the other recent ones I've tried.
It is strange that the error I'm getting says "no signature", not "invalid signature".
I don't know if that is significant at all.
AFAIK my system is completely up to date, with no updates outstanding.

I may have found the cause of that failure. You could try stop the "automatic update" service, delete the "%windir%\SoftwareDistribution\AuthCabs" directory, or even the whole SoftwareDistribution directory (I didn't do that though it seems no harm), reboot (not sure if it is necessary), then the signature validation passes.

Link to comment
Share on other sites

Thanks, I might give that a try, although I'm pretty sure that I tried it on a cleaned SoftwareDistribution folder installation before ages ago and it still didn't work.

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 month later...

Hey, just registered to let you know that I wrote a small utility to access what remains of windows update on fe2.update.microsoft.com directly from XP system.

Basically its an enhancement over IMI Kurwica WSUS proxy that contains full-blown HTTPS MITM proxy that handles rewriting requests to windows update on the fly and reencrypts responses with self-signed SHA1 cert. It also saves all requests and responses (with actual bodies) to disk so that it's possible to study them and recover whatever files downloaded through proxy for later.

I wrote it a couple of weeks ago and was able to update from OEM with SP2 to SP3 with few dozen security updates on top. Even things like windows search, security essentials and silverlight were available.

Code, compiled binaries and some instructions available at https://github.com/deeemen/wsusproxy/releases/

Feedback is appreciated and I hope it will be of use to somebody.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...