Jump to content

Hotfixes For Windows XP Professional SP1

Aaron

By Aaron
in Unattended Windows 2000/XP/2003

 Share

Recommended Posts


muevelonyc

muevelonyc

Posted
Posted

Nah, I think we should keep this here since I know some people might not want all the restrictions that SP2 has. ie: in the workplace SP2 might cause some applications to fail, and in certain instances if you have Microsoft Systems Management Servers, the SMS Client on the end users PC may crap out

Link to comment
Share on other sites
muevelonyc

muevelonyc

Posted
Posted

OK - SP2 only replaces these updates:

• MS04-025 (867801) - Cumulative Security Update for Internet Explorer

• MS04-024 (839645) - Vulnerability in Windows Shell Could Allow Remote Code Execution

• MS04-023 (840315) - Vulnerability in HTML Help Could Allow Code Execution

• MS04-022 (841873) - Vulnerability in Task Scheduler Could Allow Code Execution

• MS04-018 (823353) - Cumulative Security Update for Outlook Express

• MS04-016 (839643) - Vulnerability in DirectPlay Could Allow Denial of Service

• MS04-015 (840374) - Vulnerability in Help and Support Center Could Allow Remote Code Execution

• MS04-014 (837001) - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

• MS04-013 (837009) - Cumulative Security Update for Outlook Express

• MS04-012 (828741) - Cumulative Update for Microsoft RPC/DCOM

• MS04-011 (835732) - Security Update for Microsoft Windows

• MS04-007 (828028) - ASN.1 Vulnerability Could Allow Code Execution

• MS04-004 (832894) - Cumulative Security Update for Internet Explorer

• MS04-003 (832483) - Buffer Overrun in MDAC Function Could Allow Code Execution

• MS03-049 (828749) - Buffer Overrun in the Workstation Service Could Allow Code Execution

• MS03-048 (824145) - Cumulative Security Update for Internet Explorer

• MS03-044 (825119) - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise

• MS03-043 (828035) - Buffer Overrun in Messenger Service Could Allow Code Execution

• MS03-041 (823182) - Vulnerability in Authenticode Verification Could Allow Remote Code Execution

• MS03-040 (828750) - Cumulative Patch for Internet Explorer

• MS03-039 (824146) - Buffer Overrun in RPCSS Service Could Allow Code Execution

• MS03-034 (824105) - Flaw in NetBIOS Could Lead to Information Disclosure

• MS03-032 (822925) - Cumulative Patch for Internet Explorer

• MS03-030 (814078) - Flaw in Windows Script Engine Could Allow Code Execution

• MS03-027 (821557) - Unchecked Buffer in Windows Shell Could Enable System Compromise

• MS03-026 (823980) - Buffer Overrun in RPC Interface Could Allow Code Execution

• MS03-024 (817606) - Buffer Overrun in Windows Could Lead to Data Corruption

• MS03-023 (823559) - Buffer Overrun in HTML Converter Could Allow Code Execution

• MS03-021 (819639) - Flaw in Windows Media Player May Allow Media Library Access

• MS03-020 (818529) - Cumulative Patch for Internet Explorer

• MS03-018 (811114) - Cumulative Patch for Internet Information Service

• MS03-015 (813489) - Cumulative Patch for Internet Explorer

• MS03-014 (330994) - Cumulative Patch for Outlook Express

• MS03-013 (811493) - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges

• MS03-010 (331953) - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks

• MS03-008 (819696) - Unchecked Buffer in DirectX Could Enable System Compromise

• MS03-007 (815021) - Unchecked Buffer in Windows Component Could Cause Server Compromise

• MS03-005 (810577) - Microsoft Security Bulletin MS03-005

• MS03-004 (810847) - Cumulative Patch for Internet Explorer

• MS03-001 (810833) - Unchecked Buffer in Locator Service Could Lead to Code Execution

• MS02-072 (329390) - Unchecked Buffer in Windows Shell Could Enable System Compromise

• MS02-071 (328310) - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

• MS02-070 (329170) - Flaw in SMB Signing Could Enable Group Policy to be Modified

• MS02-068 (324929) - Cumulative Patch for Internet Explorer

• MS02-066 (328970) - Cumulative Patch for Internet Explorer

• MS02-063 (329834) - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks

• MS02-062 (327696) - Cumulative Patch for Internet Information Service

• MS02-055 (323255) - Unchecked Buffer in Windows Help Facility Could Enable Code Execution

I'm pruning my svcpack.inf and hotfix.cmd and will let you know whats leftover...

Link to comment
Share on other sites
muevelonyc

muevelonyc

Posted
Posted

ok the ones left are:

Q824141 (29th September 2003)

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution

Q842773 (13th July 2004)

Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1

Q870669 (2nd July 2004)

Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer

Q828026 (10th February 2004)

Update for Windows Media Player URL Script Command Behavior

Download - 2.77 MB

Still need to also install DirectX, Windows Media Player.

My svcpack.inf portion:

[setupHotfixesToRun]

Q824141.exe /Q /O /N /Z

Q842773.exe /Q /O /N /Z

Q870669.exe /Q:A /R:N

dxsetup.exe /silent

WMP9.exe

Q828026.exe /Q /O /N /Z

SP2.exe /Q /O /N /Z

qchain.exe

Hotfixes.cmd:

ECHO Installing .Net Framework

ECHO Please wait... (takes about a minute)

start /wait %systemdrive%\install\hotfixes\dotnetfx.exe /q /c:"install /q"

ECHO Completed.

Link to comment
Share on other sites
prathapml

prathapml

Posted
Posted

Nopes, something's wrong somewhere. SP2 fixes a truck-load of patches. Also, I haven't needed to install the "patches left". When I go to WU, it is totally happy, and shows *NO* update needed at at all - there's the optionals though - Journal Viewer, .NET framework, etc.

Sorry, but it looks like you got a fake - or maybe you got build 1213 or 2055 of SP2 - which was released way back in late 2003.:) Just re-download SP2 - links available on MSFN front-page - must be 266 MB.

Link to comment
Share on other sites
prathapml

prathapml

Posted
Posted
Nah, I think we should keep this here since I know some people might not want all the restrictions that SP2 has

Yes, you're right on that.

But even then, closing this thread conclusively is worth considering - tell me, does anyone really expect anymore fixes for SP1 (also called Pre-SP2 hotfixes)?

And the questions that are being asked about how to integrate Pre-SP2 hotfixes are all that would continue piling on this thread - which is a repeat of already discussed issues.

Link to comment
Share on other sites
GreenMachine

GreenMachine

Posted
Posted

As I understand it, Microsoft's Policy has always been to support the current SP, and the current SP-1. All new hotfixes (yes, there will be some even AFTER and FOR SP2) will have versions of the updated files for both SP1 and SP2, and no longer for XP Gold. SP1 should thus be supported until SP3 comes out, scheduled for sometime in ... 2007/2008?

So, if there is someone willing to do the updating, this thread can certainly be used for quite a while more. My suggestion would be to create a similar thread for SP2. For the non-believers, wait a month or two, when XPCREATE and the new hotfixes will be back in business!

Link to comment
Share on other sites
prathapml

prathapml

Posted
Posted

@GM-

Oh! :) I didn't know that. Thanks for the info.

Yup! It'd be good to do as you say. Lock this thread, and start a new one for SP2, the day the first hot-fix for SP2 appears. :D

@muevelonyc-

Something is going wrong majorly with your CD. Just slip-stream SP2. You don't need any hot-fix/update at all. Dump the [setupHotfixesToRun] in SVCPACK.INF - no, dump svcpack.inf itself, for now. With SP2 slip-streamed into XP Pro, the size of ISO stands at 579 MB. Do check what is happening to make your CD end up with 900 MB. :rolleyes:

Link to comment
Share on other sites
Alanoll

Alanoll

Posted
Posted
ok the ones left are:

Q824141 (29th September 2003)

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution

Q842773 (13th July 2004)

Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1

Q870669 (2nd July 2004)

Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer

Q828026 (10th February 2004)

Update for Windows Media Player URL Script Command Behavior

Download - 2.77 MB

TO clear the confusion, let's go through this list.
Q828026 (10th February 2004)

Update for Windows Media Player URL Script Command Behavior

Download - 2.77 MB

SP2 contains WMP9 along with it's latest hotfix. Notice how the build number is higher?

Q870669 (2nd July 2004)

Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer

MDAC 2.81 I believe is included? MDAC2.8 and before needed this patch.
Q824141 (29th September 2003)

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution

Q842773 (13th July 2004)

Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1

Weren't these included in the latest Cumulative Update for IE? If not, they're still included in SP2.

Service Packs are cumulative. They include the previous SP, and all Hotfixes that were created before the code was frozen. In this, ALL of them. SP usually don't contain Recommended patches unless they were originally included in the OS (WMP or DX).

DX9.0c is included in SP2, so you don't need to isntall that seperately. WMP9 is also included.

Juding from

SP2.exe /Q /O /N /Z

You're not slipstreaming but simply adding the entire 266 meg file to your CD. So that means you have the original 450 meg XP, the 120 meg (give or take) SP1, AND the 266 meg SP2. That's about 900 megs right? :)

Look here....

http://www.msfn.org/articles.php?action=show&showarticle=49

Start with a Fresh copy with no hotfixes or anythign added. Slipstream SP2. You won't need any hotfixes, but you want, you may include .NET framework, Journal Viewer, and HighMat. But that's up to you.

EDIT:

FYI- This is the list that contains ALL the fixes contained in SP2.

http://support.microsoft.com/default.aspx?...%5bLN%5d;811113

http://www.microsoft.com/technet/security/news/xpsp2.mspx

Link to comment
Share on other sites
muevelonyc

muevelonyc

Posted
Posted

Sorry, last question... To keep this thing modular (I want to leave the source as is on a network share on our intranet), could we use the plain XP CD and apply SP2.exe /Q /O /N /Z in the svcpack.inf? This way there won't be a need to rebuild a slipstream source everytime a new service pack comes out in the future.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...