

Sampei.Nihira

End of POSReady 2009 Patches: What to Do?


Posted (edited)
33 minutes ago, Mathwiz said:

Here's a link to the MAFF/MHTML add-on for FF 52: http://maf.mozdev.org/installation.html. Click "final version" to download and install. "Previous versions" link appears broken, but previous versions are available via the Classic Add-ons Archive (which is itself an add-on!)

Should work on all UXP and Moebius browsers (FF 52.x/PM/NM/Basilisk/Serpent). You can then set your FF-family browser as the default for opening .mht[ml] files as above.

If you use the IE Tab 2 extension, make sure to delete the rule that causes .mht[ml] files to open in an IE tab; otherwise they'll still be opened with IE and still be vulnerable to the exploit!

Edit: Alternatively, I believe Opera 12.18 will open .mht[ml] files. Not sure about later, Chromium-based versions of Opera.

Wow thanks, that's great!
:thumbup
Yes, Opera 12 does handle .mht[ml] files.
The later Chromium versions probably don't, at least my copy of Opera 36 (the last XP compatible version) doesn't.
They may have added the capability in later versions, but I don't think so.
:)

Edited by Dave-H
Quote added as post has appeared on a new page


The add-on's options dialog has a warning that can be ignored:

[Screenshot: the add-on's options dialog showing the warning]

Of course, that warning actually applies only to Firefox, which no longer runs the add-on as of FF 57. "Serpent" add-on technology is not "modernizing;" that was the whole point of forking the browser in the first place! So go ahead and enable the "Save Page In Archive" option; there's nothing to fear.

  • Like 1


Regarding the title of this thread, something just occurred to me: once you've installed all the updates you intend to, now would be a good time to make a full system backup. That way, if you ever need to restore, you'll be able to restore a fully-patched system and not have to worry about whether Windows Update still works for XP.

  • Like 5
  • Upvote 1

7 minutes ago, Mathwiz said:

now would be a good time to make a full system backup

Wise words.


Indeed so.
I make a full iso backup of my Windows 10 drive every week, as the facility is built-in there.
I think it's time to make one of my Windows XP drive too!
:yes:

  • Like 1

17 hours ago, Mathwiz said:

Regarding the title of this thread, something just occurred to me: once you've installed all the updates you intend to, now would be a good time to make a full system backup. That way, if you ever need to restore, you'll be able to restore a fully-patched system and not have to worry about whether Windows Update still works for XP. 

And then with my portable version of CCleaner 5.21.5700 proceed to remove what is highlighted by the arrow:

[Screenshot: CCleaner with an arrow marking the item to remove]

  • Like 1


PSExec v2.11 is not available at that link. Only the latest version. Worse, most of the Web pages I've found link back to the page you linked above.

I did find v2.11 courtesy of the Wayback Machine: https://web.archive.org/web/20151204023615/https://download.sysinternals.com/files/PSTools.zip

Amazing - in less than a week, M$ has:

  • Terminated Skype 7.36 (last XP-compatible version)
  • Terminated Internet games for XP
  • Released an Office 2010 "security" update that breaks Office 2010 compatibility with XP (admittedly not the first update that's done so, but I think it's the first "security" update that does)

And in a couple of months, Windows Update will be shut down too. XP users are truly on our own now.

I wasn't originally very worried about EoS, but m$ has gone way beyond just not supporting it any more - they're actively trying to sabotage it in any way possible. :realmad:

BTW, I suspect Win 7 users can look forward to the same "treatment" in just a few more months. :crazy:

  • Like 1

14 minutes ago, PROBLEMCHYLD said:

This is why I started learning Linux and now looking into BSD.

Same here. My next machine will be Debian x64 / TrueOS (= FreeBSD x64) double boot. And I'm giving it a VirtualBox on each, to run XP SP3 from, so as not to stop using the XP programs I love. But browsing and new programs will be on unix, as soon as both XP and 7 become unusable. I hope to have that new machine up and running before Thanksgiving. For now I'm still deciding about the hardware and looking for good deals. I'm in no hurry, though, 'cause 7 should go at least up to 2021, and XP SP3 on bare iron maybe just as long, if not more.

Posted (edited)

Linux bores me.

When my daughter went to middle school, she was the only student in her school to have a PC with a Linux OS.
I'm not telling you the difficulty of having software compatible for exercises!!

It has been a long time... :(

Edited by Sampei.Nihira

On 4/13/2019 at 10:45 AM, Sampei.Nihira said:

With support finished, I would advise MSFN members to launch at least the browsers they use with limited-user privileges with PsExec.

With XP it is necessary to use ver. 2.11 of PsExec:

 

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

[Screenshot]

Discovered an unpleasant side effect of using PSExec to launch your browser: It's unable to open any folders! For example, you can't open the folder containing your last download, or your profile folder in about:profiles.

Hardly a show-stopper, if you feel the added security is worth the relatively minor inconvenience, but it is something to be aware of.

Posted (edited)
15 hours ago, bluebolt said:

I don't think we're falling behind at all.  Does the vulnerability even exist if Remote Desktop is disabled in services (not to mention that it is now patched)?

If this is such a "very bad sign" (as the wired.com article says), with "similarly devastating implications" to WannaCry (as it also says), I would simply remind that WannaCry turned out to be ineffective against Windows XP, contrary to early reports.

https://www.theverge.com/2017/5/30/15712542/windows-xp-wannacry-protect-ransomware-blue-screen

 

Yes - all vulnerabilities exist regardless of whether or not they are exploited.

Disabling RDS doesn't patch the code (remove the vulnerability) - the insecure code is still there, just not active: as soon as RDS is enabled, the (unpatched) vulnerability can be exploited.

There is a significant distinction between vulnerabilities and exploits - vulnerabilities are actual defects (bad code/code design) in the software (Windows' RDP/RDS implementation) - exploits are the specific tools/processes that use the vulnerabilities for effect (DoS, privilege escalation, remote access, etc).

The article you cited ambiguously references this distinction - the exploit tool ("the most common version of wannacry") was coded/designed in a way that was mostly ineffective against XP remotely (locally it was just as effective).

In other (specific) words, XP had the same SMB code vulnerability(ies) as later versions of Windows, but the specific implementation of EternalBlue via the most common WannaCry code was, ironically, buggy and defective relative to XP's SMB implementation, and thus was relatively ineffective (especially when executed remotely).

This might have even been "intentional", since at the time of WannaCry XP's market share was in the single digits and the code may have been optimized for 7/8/10/2008/2012 (covering more than 90% of Windows installs).

Buggy/flawed/defective exploit code is just as common as buggy/flawed/defective vulnerability code and often serves as a limiting factor in the propagation and spread of malware - going back as far as malware has existed, long prior to the existence of networks or the internet.  In fact almost every "internet worm" of note was/has been vastly limited in its propagation and damage due to this often un/der-reported "buggy malware" fact.

Malware/exploit authors are just as (if not more so) prone to write/design buggy/flawed/defective code as the original target code authors - and we can be thankful for that. 

Just imagine if malware authoring was an industry where highly efficient/effective exploit coding services were up for bidding by corporations, governments, criminal syndicates...oh..wait..never mind.

 

Edited by XPPOS2009
  • Like 3

Posted (edited)

It is not an inconvenience, it is an advantage. :thumbup


If you can't do it, not even malware can do it.

Act maliciously by means of the browser to modify sensitive areas of the system.
I don't know if you remember this 3D:


With the browser running with limited rights it was not even possible to write the registry keys.

Edited by Sampei.Nihira

17 hours ago, Mathwiz said:

Discovered an unpleasant side effect of using PSExec to launch your browser: it's unable to open any folders.... Hardly a show-stopper, if you feel the added security is worth the relatively minor inconvenience, but it is something to be aware of.

 

5 minutes ago, Sampei.Nihira said:

It is not an inconvenience, it is an advantage. :thumbup


If you can't do it, not even malware can do it. 

Preventing the writing of registry keys is one thing, but why would malware want to open a folder window, and what possible security exposure would that pose if it did?
