Windows 2K Security Updates

[urgan]

@Bilou

Some

1 - I don't apply 814078 anymore and I get no indication of hfnetchk that is needed.

I think (i'm not at my PC) the latest IE update installs a newer jscript.dll, and i'm still convinced the fact it appeared on windows update was a bug.

2 - Since you provided a fix for the 841356, I don't see the point in still applying the 839645, since MS04-037 replaces MS04-024 on all windows versions.

3 - I use 832353 instead of 828026, which is supposed to replace it, because we had some issues with it.

@GreenMachine, RayM, anyone:

I've it's possible to install IE6SP2 on XPSP1.

Have any of you tried it ?

Do you think it's possible to do it for 2000 ?

[Bilou_Gateux]

Last Review: April 30, 2004

Revision: 1.0

Microsoft Windows Media Player (all versions) for Microsoft Windows 2000

• FIX: Some URL script commands do not work after you apply the Windows Media update from Knowledge Base article 828026
  WindowsMedia-KB832353-ENU.EXE
  WindowsMedia-KB832353-DEU.EXE
  WindowsMedia-KB832353-FRA.EXE
  

Add the new hotfix in SVC-HF1, silent switch: /Q /U /O /N /Z

Thanks urgan for your tests & comments.

• 1/ can you give me the name of the last IE update that updates 814078 jscript.dll. Do you mean scripten.exe ?
  
• 2/ i will try to build a new 2KCreate without 839645. Both sp3res.dll version 5.0.2195.6928 and shell32.dll version 5.0.3900.6922 are newer in 841356 sp3res.dll version 5.0.2195.6970 and shell32.dll version 5.0.3900.6975
  
• 3/ i will try to build a new 2KCreate replacing 828026 by 832353 newer versions of msdxm.ocx old version 6.4.9.1128 new 6.4.9.1129, wmp.dll old version 9.0.0.3075 new 9.0.0.3093, wmpcore7.dll old version 7.10.0.3075 new 7.10.0.3076, wmpcore8.dll old version 8.0.0.4491 new 8.0.0.4492
  

[urgan]

@Bilou

Sorry for the long answer.

Regarding 814078 I'm guessing here:

in IE6 SP1 (scripten.cab) the jscript.dll is 5.6.0.6626 with 589.874 bytes

in KB814078 the jscript.dll is 5.6.0.8513 with 589.881 bytes

On MS03-008, on "Additional information about this patch" says:

"The fix for this issue will be included in Windows 2000 Service Pack 4 and Windows XP Service Pack 2.", even if

it doesn't appear on SP4 fixes list.

But, in the "Windows Script 5.6 for Windows 2000 and XP", available here:

http://www.microsoft.com/downloads/details...&displaylang=en

from September 2004, (a year later), with a package version 5.6.0.8825, jscript.dll is also 5.6.0.6626, like IE.

Searching Microsoft Security Bulletins, for IE6 SP1,IE6 gold, 2000 SP4 or even Windows Script 5.1 doesn't bring this update.

I know hfnetchk did mention it on vanilla 2000SP4 workstations, that's why I've used to include it in our "apply all critical updates" batch files,

but since it brought us nothing but problems (hotmail, windowsupdate - sometimes having to reapply) i'm dropping it.

On the other updates, I'm also checking what works for me, with a difference: since I like to have this "vaccine" batches, I don't really want to mess with the i386 source, just have a "plug-it" svcpack that can be adapted to be applied on live systems too.

I'll keep you informed if I find out anything useful, but you are the one doing a great job.

[urgan]

On the other hand, most articles I found say the version installed by IE6 is the one vulnerable, and there was even a discussion

here

about jscript.dll.

Also found out

- an exploit here saying that 5.6.0.8513 is also vulnerable (another one ,since it's posterior to MS03-008?)

- a post in microsoft.public.scripting.jscript

here saying 5..6.8515 is the last build

- and a clean 2000 sliptreamed with SP4 has 5.1.0.8513

So I guess if using IE6 one should apply the update anyway, since it changes it to a vulnerable version (unless it was patched by MS).

[Bilou_Gateux]

Date Published: September 18, 2004

Version: 5.6.0.8825

Windows Script 5.6 for Windows 2000 and XP

(1) Can be used instead of 814078 Critical update

download details

This download installs Microsoft® Windows® Script containing Visual Basic® Script Edition (VBScript.) Version 5.6, JScript® Version 5.6, Windows Script Components, Windows Script Host 5.6, and Windows Script Runtime Version 5.6.

scripten.exe

scriptde.exe

scriptfr.exe

@urgan

After extraction, i have found the jscript.dll and vbscript.dll are both version 5.6.0.8825 (same as scriptxx.exe package version).

Currently, the 814078 hotfix install jscript.dll version 5.6.0.8513

I'm going to replace 814078 hotfix with this package which is newer.

In your installation, scripten.exe is not applied correctly i believe or the WFP has restored the IE6SP1 jscript.dll version 5.6.0.6626.

Try to extract scripten.exe to temp folder, right click jscript.dll to verify the version.

path\scripten.exe /c /t:path\tmp\scriptfr

Edited December 18, 2004 by Bilou_Gateux

[Bilou_Gateux]

Current Hotfixes Windows 2000 Professional / Server List by GreenMachine

Last update date and list of changes

posted 19 September 2004

updated 28 September 2004

updated 7 November 2004

updated 9 November 2004

DEL Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 (KB828026)

ADD 832353 FIX: Some URL script commands do not work after you apply the Windows Media update from Knowledge Base article 828026

DEL Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

841356 updates both shell32.dll & sp3res.dll with newer versions

Credits to urgan for these suggestions and changes

[BaTLeZone]

@BatTLeZone

Can you run DXDIAG.EXE the first time you boot your fresh 2K install.

I get an error popup windows :

FRA : dxdiag.exe - point d'entrée introuvable

ENU : dxdiag.exe - Entry Point not Found

FRA : Le point d'entrée de procédure DdEntry1 est introuvable dans la bibliothèque de liaisons dynamique GDI32.DLL

ENU : The procedure entry point DdEntry1 could not be located in the dynamic link library GDI32.dll.

I would like to know if you get this error ?

Found the solution by googling

The procedure entry point DdEntry1 could not be located in the dynamic link library GDI32.dll.

Extract d3d8thk.w2k from dxnt.cab and copy to %windir%\system32

Then delete d3d8thk.dll from the c:/winnt/system32 folder.

Then rename the d3d8thk.w2k to d3d8thk.dll

Developpers @ M$ are unable to write patching routines that works...

Sorry I have been busy and not have been here much. I'll give it a try on next install and let u know.

I thought I would try out the XPCTHLST.TXT list u made with my 2000server for yucks but I keep getting this error and I do have SP4 install already.

-- 14:45:07 --> Looking for CD Source.

-- 14:45:07 --> Found local Boot Image.

-- 14:45:07 --> Setting up Run-Time Variables.

-- 14:45:07 --> Listing Hotfixes and Updates.

-- 14:45:08 --> Removing Previous Creation Directories.

-- 14:45:08 --> Removing TEMP Files.

-- 14:45:08 --> Creating TEMP directories.

-- 14:45:08 --> Determine Source Version.

-- 14:45:08 --> Found Source Version: 2KA

-- 14:45:08 --> Found Minor Version: 0

-- 14:45:08 --> Found Service Pack Version: 4

-- 14:45:08 --> Found Language Version: ENU

-- 14:45:08 --> Found Localization Version: English

-- 14:45:08 --> Hotfix Directory used: SP5

-- 14:45:08 --> Downloading Hotfix List.

-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT

-- 14:45:12 --> Source not up to date. Need Service Pack.

-- 14:45:12 --> Cannot find SP .

-- 14:45:12 --> Downloading Service Pack.

Error: "Download Error on Service Pack."

Press Enter to Exit.

What am I doing wrong??

[Bilou_Gateux]

-- 14:45:07 --> Looking for CD Source.

-- 14:45:07 --> Found local Boot Image.

-- 14:45:07 --> Setting up Run-Time Variables.

-- 14:45:07 --> Listing Hotfixes and Updates.

-- 14:45:08 --> Removing Previous Creation Directories.

-- 14:45:08 --> Removing TEMP Files.

-- 14:45:08 --> Creating TEMP directories.

-- 14:45:08 --> Determine Source Version.

-- 14:45:08 --> Found Source Version: 2KA

-- 14:45:08 --> Found Minor Version: 0

-- 14:45:08 --> Found Service Pack Version: 4

-- 14:45:08 --> Found Language Version: ENU

-- 14:45:08 --> Found Localization Version: English

-- 14:45:08 --> Hotfix Directory used: SP5

-- 14:45:08 --> Downloading Hotfix List.

-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT

-- 14:45:12 --> Source not up to date. Need Service Pack.

-- 14:45:12 --> Cannot find SP .

-- 14:45:12 --> Downloading Service Pack.

Error: "Download Error on Service Pack."

Press Enter to Exit.

Examining the log, i can says that the FINDVERSION routine of XPCREATE run without problem. SP4 is slipstreamed to your 2K source and value SP5 is assigned to variable.

Something strange in CHECKAUTO routine of XPCREATE, the path for downloading hotfix list looks like Download_url/sourcever/winlang/XPCTHLST.TXT

Yours is strange ?

[BaTLeZone]

yup everything is ok there. It worked with the one d/l from the net but it will not run using the local list.

-- 14:45:08 --> UPDATE.TXT/2KA/ENU/XPCTHLST.TXT

i changed this to:

DLURL=UPDATE.TXT

so i can use the local list. is this wrong?

[Bilou_Gateux]

I don't find the post where another user give the solution to use local XPCTHLST.TXT file.

In XPCREATE.INI the variable DLURL= should be set to something like file:///C|/HFLISTS

but wget don't like this kind of URL...

File URLs

[BaTLeZone]

Cool.....

but it did not work all it does is open the file. when i close it xpc then con't and skips over the d/l section.

Oh well don't worry about it maybe greenmachine will add an option to the next ver of xpcreate so one can use a local list. (hint hint)

[urgan]

I have downloaded the french "Windows Script 5.6 for Windows 2000 and XP" scriptfr.exe version 5.6.0.8825 date published 9/18/2004.

Hi Bilou_Gateux,

I feel a bit stupid, I somehow saw 5.6.0.6626 yesterday (maybe I had too many properties windows opened, or unpacked the wrong update).

So do you think it's a good replacement then ?

I know it sure makes sense, that's why brought the question earlier in this thread.

I've Built a CD (by hand, not XPCreated) and it worked. no issues on hfnetchk, no critical updates in windowsupdate. Got two IE icons in quick launch bar, though.

@GM

Anything changed in IE packer, I mean should I drop IEGO.EXE as I think it runned twice ?

If everything is working now, couldn't you do a sticky with this list of updates, svcpack, etc. At least untill you updates you site ?

Great work, Bilou_Gateux (sorry i was calling you Bilou).

I only want to solve the problem with 841356 without modifing the SP4 slipstreamed I386 source now. I was thinking, how about adding "d1=\I386\SVCPACK", putting correct "SHLWAPI.DL_" there, it should work ?

[Bilou_Gateux]

@urgan

My last build includes "Windows Script 5.6 for Windows 2000 and XP" scriptfr.exe version 5.6.0.8825 and i have deleted "JScript 5.6 Security Patch for Windows 2000 and XP (814078)" js56nfr.exe in SVC-HF2 folder.

no critical updates in windowsupdate after installation on my test box.

GreenMachine

@urgan: I have not tried that update, but as you can see, I have no JScript issues. I'll add it to my To Do list to look into it. THanks for pointing it out.

Until GM make his own check, i will wait before editing XPCTHLST.TXT HotFixes List but it's a good replacement.

I should also ADD the last "Cumulative Security Update for Internet Explorer (834707)" or better "873377 An update rollup is available for Internet Explorer 6 Service Pack 1" to the list but maybe should i wait the release of the new XPCreate version.

[GreenMachine]

Or just Loubi, in verl'en!

I haven't forgotten this thread, just quite busy. You seem to be doing fine without me!

[Bilou_Gateux]

About 818043 update, I've noticed that it's not necessary to slipstream the 56BIT subfolder and add this line to DOSNET.INF :

d1,56BIT\ipsec.sys

There are severe restrictions on the export of "strong" cryptography.

the strength of the authentication (e.g. 128 bits) is reduced to that of encryption

(e.g., 56 bits) for particular countries.

818043\ipsec.sys IPSEC Driver (US/Canada Only, Not for Export)

818043\56BIT\ipsec.sys IPSEC Driver (Export Version)

Copy and paste content of file below to %PREPDIR%_818043.cmd and launch it:

_818043.txt