Technical Discussion
  >> Windows Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User meditator
(fountain of knowledge) Sun 14-May-17 12:10:41
Print Post

What's the URL of the latest Windows Update website?


[link to this post]
 
Besides a Mac, I also have an old Windows XP 32-bit machine, with IE8, on my home network. Since Microsoft stopped supporting WinXP in 2013 for all but commercial versions, I've not used it for Web access, except for keeping Microsoft's 'Security Essentials' (MSE) antivirus utility up-to-date (I gather it's similar to Windows Defender and Microsoft have continued support for MSE under WinXP). I might emphasise that it's my Mac only that I use for browsing the Web and for e-mail. I keep the XP machine purely for running a couple of important third-party apps that can only be run on a Windows machine only.

Clearly, potentially my XP machine is vulnerable to the WannaCrypt attack, and news on Friday that Microsoft had issued an emergency update for not only Windows 8, 9, 10 etc but also for older WinXP users made me search - using my Mac - for where that update might be available. However, the only thing I could find was a link for the required update file (the version needed for WinXP x86) in this:

https://blogs.technet.microsoft.com/msrc/2017/05/12/...

The link in that blog article (for the required WinXP x86 file), one of many links there for different Windows editions, turned out to be a link to a Microsoft .exe file. (Remember, I was doing this on the Mac). I did nothing with it, incidentally. With many sites spoofed these days, I couldn't be 100% certain that that technet site was totally genuine, though the above URL looks okay, doesn't it?

The wording there seems to say that if you're running either Windows Defender or MSE and it's more up-to-date than v.1.243.297 you're safe; the antivirus will stop the infection from running. My MSE is, right now, v.1.243.338.0, so it rather looks as though my XP machine is covered in that respect. But some of you on these forums seem to be suggesting that that's not the whole story and that in fact the process will be triggered if an antivirus scan is run!

Clearly, I'll feel much safer about the whole thing if I can acquire that special WinXP update just issued by Microsoft and apply it. The problem, however, is that when I now try Windows Update on the XP machine, I just get a browser error page saying that the site cannot be accessed. Possibly, this is because of the IE8 being too out-of-date (as far as I can gather, since Microsoft stopped supporting XP no further IE's were possible for XP users). So, can anyone tell me the URL of the present-day Windows Update website (not the Microsoft Download Centre)? Is there one, as such, any longer?
Standard User BatBoy
(sensei) Sun 14-May-17 14:12:57
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
Pity you and the NHS didn't take my advice back in January http://forums.thinkbroadband.com/security/t/4523671-...
Standard User meditator
(fountain of knowledge) Sun 14-May-17 16:09:56
Print Post

Re: What's the URL of the latest Windows Update website?


[re: BatBoy] [link to this post]
 
Well, that's as may be, but the point I'm making is that all the publicity these last few days about Microsoft issuing an emergency patch for this piece of malware, and aimed not just at users of recent editions of Windows but also at users of legacy OSs like WinXP, counts for absolute nought if Microsoft simply doesn't inform WinXP users where they can download it! There's not much point in telling legacy XP users to use Windows Update to get it if the mechanism for getting updates has changed in the last few years.

I've long since stopped using my WinXP machine for interacting with the Web. In fact, it's powered off for about 98% of the time and is used only for offline work. Therefore, my need for protection against this kind of malware is perhaps questionable. However, I'd still feel a lot happier if I could obtain the genuine patch and apply it.

Of course, you can't access many Microsoft bulletins and the Windows Update website (if it still exists), to try to find out more, with a Mac, because those sites are designed to not respond to Macs and the Safari browser.

With the Mac, I managed to find a file 'WindowsXP-KB4012598-x86-Embedded-Custom-ENU.exe' (666KB), at https://www.microsoft.com/en-us/download/details.asp... but whether that's the patch referred to I simply don't know. If it is, I should be able to boot up my WinXP machine, go there, and download and install it.


Register (or login) on our website and you will not see this ad.

Standard User BatBoy
(sensei) Sun 14-May-17 16:13:26
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
I think if you apply the fix I posted about to your XP system you would be automatically be updated.

Or https://blogs.technet.microsoft.com/msrc/2017/05/12/...
Standard User Banger
(eat-sleep-adslguide) Sun 14-May-17 19:14:47
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
http://www.catalog.update.microsoft.com/Search.aspx?...

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User Pipexer
(eat-sleep-adslguide) Sun 14-May-17 21:19:51
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Clearly, potentially my XP machine is vulnerable to the WannaCrypt attack

probably not - unless you have exposed Windows File and Print sharing directly to the internet from your XP machine. Assuming you haven't, the machine is no more or less vulnerable than any other OS really.

The vulnerability is how the virus replicates to other machines (generally) inside a corporate network. Consumer machines are not normally exposed in this manner and they are vulnerable in a different manner (the same manner thatt the malware makes initial entry onto a corporate network - i.e. by email or an internet link), stopping it via those manners is the job of the antivirus not an OS patch.

ZeN Fibre Unlimited 2
Standard User meditator
(fountain of knowledge) Sun 14-May-17 23:09:06
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Banger] [link to this post]
 
Banger, thanks for pointing me in the right direction.

Any idea what the difference is between WinXP and WinXP Embedded, as there are two instances there of the update file?

If you click on the FAQ there, at top-left, it's stated that updates in 'the catalog' are those designed for distribution across a corporate network; for non-corporate situations it's recommended instead to use Windows Updates from the PC itself. Unfortunately, clicking on Windows Updates on my machine simply gives me a blank screen with a selection of different reasons for it, all of no help. So, possibly the two instances we see in this catalog are not appropriate for me. However, since Microsoft has especially issued the update to protect legacy WinXP machines that otherwise wouldn't get that protection, perhaps it's safe to assume that the non-embedded version in the catalog is indeed the one I need?

What I'm particularly anxious to do is not to apply anything that could conceivably cause my WinXP SP3 to permanently malfunction or become unstable, because the integrity of the apps that I use are absolutely critical to the occasional offline project work that I do on that machine. Those apps certainly aren't replaceable any longer. If they become damaged or otherwise unusable, I won't be able to roll back to the prior situation because whereas some years ago I used to have a comprehensive backup arrangement for my WinXP machine, I removed that when I stopped using WinXP on the Web in 2013.

Edited by meditator (Sun 14-May-17 23:12:05)

Standard User Banger
(eat-sleep-adslguide) Sun 14-May-17 23:17:49
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
The non-embedded version is what you need, seemed ok on my multi XP Win 10 boot machine, embedded is for ATMs.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User meditator
(fountain of knowledge) Sun 14-May-17 23:23:24
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Pipexer] [link to this post]
 
I've known about the vulnerabilities of Windows File and Printer Sharing across networks for quite a number of years, and even well before XP went 'off air' in 2013 I had it disabled on my machine.
Standard User meditator
(fountain of knowledge) Mon 15-May-17 14:06:48
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Banger] [link to this post]
 
Banger,

How long ago was it when you downloaded that WinXP patch? Was it in the last few days? I've downloaded it (the non-embedded version) to the Desktops of both my Mac and my XP machine (for comparison purposes), but the name of the file in both cases is quite extraordinary:

windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

Did you get a filename also consisting of that long string? Does this seem right to you? Might this length of filename perhaps be prevented from executing on my 32-bit machine?
Standard User Banger
(eat-sleep-adslguide) Mon 15-May-17 15:29:46
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
Yes that's it, Win XP support 256 character file names and it ran ok on my XP 32 bit machine that is the official patch.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User meditator
(fountain of knowledge) Mon 15-May-17 16:32:31
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Banger] [link to this post]
 
Oh, OK.

Can't think why Microsoft thought it necessary to use such an inordinately long and seemingly randomised character string for the filename. Perhaps the employee who was responsible for making the file available on that and on one or two other parts of the microsoft site fell asleep on to his/her keyboard just as he/she was doing it?! Heh, heh, heh!

If the predictions are to be believed, this bit of malware will be only the start of a collection of variants, so conceivably a single patch might not be enough by Microsoft
Standard User Banger
(eat-sleep-adslguide) Mon 15-May-17 16:40:34
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
There is already another variant of the virus in the wild, important to keep any anti virus up to date I think MS Security Essentials is still supported on XP and kept up to date.

My feeling is once you have patched the machine, other variants will have difficulty infecting the machine until a new exploit is found. But I may be wrong on this.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 03:24:39
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Can't think why Microsoft thought it necessary to use such an inordinately long and seemingly randomised character string for the filename.
The 40 character string immediately before the file extension is the SHA-1 checksum of the file which means anyone can check its integrity.

On a Windoze box you can do this using the Microsoft File Checksum Integrity Verifier - which you can download for free.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Tue 16-May-17 03:26:19)

Standard User meditator
(fountain of knowledge) Tue 16-May-17 12:17:13
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Banger] [link to this post]
 
Yes, I think I mentioned earlier that, although in 2013 Microsoft ceased support - for all but certain commercial instances - of WinXP, they continued with support for MSE. On my XP machine, even if I don't bother to manually download the latest MSE definitions, it happens in the background anyway. That's providing I have my XP machine online rather than offline, of course. So, over the last few years, although I've not been getting any WinXP updates I have been getting MSE updates on occasions. But whether or not that's good enough alone to protect my machine against this Wannacrypt and similar malware I don't know. One technical article by Microsoft that I read the other day seems to suggest that it will be good enough; apparently, both Windows Defender and MSE are equipped with the necessary detection.
Standard User meditator
(fountain of knowledge) Tue 16-May-17 12:46:34
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
caffn8me,

Ah, well that's interesting. But then why has this long string been applied to just the patch file for the non-embedded version of Windows XP SP3 and no other, I ask myself? Why on earth was it necessary to include the checksum in the actual filename? That looks like an encryption string! Surely, it could just have easily been put inside the file, and with an explanation of what it was?

A downloadable checksum verifier? Well, I'm afraid I for one won't be downloading the verifier. As I think I explained earlier, the status of my XP machine is such that I steer clear of using it for any Web access (other than getting MSE updates). Thanks for letting us all know about that, though. Much appreciated.

Actually, I've just chanced upon the website of the National Cyber Security Centre. In a brief statement, they're advising users of legacy Windows to use Windows Update to get the patch. Well, that's fairly naff advice because, as far as I can gather, Microsoft stopped access to WU for manual accesses some time last year. Clearly, that explains why I myself can no longer use my XP machine to access the WU website. Possibly, if you change the updating on the machine to automatic it might then work, but then you'll probably get all the other XP updates downloaded that have existed over the years and many of which, for one reason or another, were rejected by you for inclusion (operational issues with applications, genuine bugs in the updates, etc).
Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 14:23:29
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Surely, it could just have easily been put inside the file, and with an explanation of what it was?
On a technical level, you can't put the hash value in the file because changing the file to put the hash inside it changes the hash of the file itself and they will no longer match.

What a hash value does is to give you a way of comparing the contents of one file to another to ensure that they are the same. If a single change is made to a file, the hash changes, which tells you that the file has been tampered with. It doesn't tell you what has been changed, just that it has been.

As an example, I've copied and pasted your first post into a plain text file. The SHA-1 hash of that file is 03bd41409bb045016ef6ae5ef5e7b062e2814c38

When I edit it such that there is no obvious visble change, by removing the space after the final word, 'longer?', the hash changes completely to d64527d3ef3f54eb20b741a712ca190b111e0bb6

You can see immediately that the two files are different because the hash values are different.

These files are a different length as the second file is one character shorter so you might be able to detect there has been a change just by looking at the file size (2534 bytes vs 2535).

What if I put a space back at the end of a different line to make the original file and the modified file exactly the same length? You still won't know it's been modified just by looking at it quickly and you can't tell by the file size. I now get a hash of d89e6dbcd32e5faa8ebbfaddd4369d905dd803c1 - which is different again.

Apart from the technical reason you can't include a hash for a file within the file, you also don't want to do that because it would mean having to open the file to view the hash value.

The aim of generating and publishing a hash for a file is so that you can check it hasn't been altered, e.g. to include malicious code. If there is malicious code you want to know before you open the file.

As for why Microsnot has chosen to include the SHA-1 hash in some file names but not others, I don't know. Newer operating systems may have different mechanisms for verifying the integrity of patches which XP doesn't - digital signatures, for example.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User TinyMongomery
(knowledge is power) Tue 16-May-17 14:34:19
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
In reply to a post by caffn8me:
On a technical level, you can't put the hash value in the file because changing the file to put the hash inside it changes the hash of the file itself and they will no longer match.
Even if you could, it would rather defeat the purpose if you had to open the file to get the hash value.

==================================
Sovereignty really does mean sovereignty
Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 14:39:01
Print Post

Re: What's the URL of the latest Windows Update website?


[re: TinyMongomery] [link to this post]
 
Which I may just have mentioned later in my post wink

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User TinyMongomery
(knowledge is power) Tue 16-May-17 14:41:14
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Oops. So you did.

==================================
Sovereignty really does mean sovereignty
Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 14:49:02
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
But whether or not that's good enough alone to protect my machine against this Wannacrypt and similar malware I don't know


I don't believe it is. It depends on which route you got it but if it came in via the SMBv1 unpatched vulnerability then I don't believe MSE would ever see it to be able to stop it. Plus, MSE is only able to stop things it already knows about - for a time it would be a "zero day" vulnerability and so MSE wouldn't know how to detect it for at least a number of hours.

Keeping systems patched and malware checkers up to date and firewalls properly configured are all part of the process - also not being caught by social engineering such as phishing emails. And once you've done all that you could still get caught out...
Standard User meditator
(fountain of knowledge) Tue 16-May-17 15:32:58
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
The Microsoft article to which I referred stated that Windows Defender and MSE would both detect the malware. The author gave a definition version no. beyond which the user's machine, if using either of these clients, would be safe. I checked and, with the latest updates that MSE did on Friday last when I turned the XP machine on, my MSE was well up-to-date.

My thoughts thereafter centred on finding a way to get the Windows update that Microsoft and the broadcasting media were all talking about, as I preferred a belt-and-bracers approach.
Standard User meditator
(fountain of knowledge) Tue 16-May-17 15:48:36
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Ah, but aren't you assuming that the download could only ever consist of a single file? Instead, the downloaded file could be made a zip, say, containing not only the active file itself but also a separate text file. And so surely the hash value of the active file (the ubiquitous upgrade, in this instance) could be given in that text file - preferably, with an explanation? Why put people off and raise their suspicions by including something in the filename that looks like an encryption? That's just bad PR. Remember, this has been a special, one-off update file that's been issued. There'll be lots of users, I'm sure, who'll be unfamiliar with the naming of files in this way.
Standard User TinyMongomery
(knowledge is power) Tue 16-May-17 15:50:04
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
Although an SMB vulnerability is hardly likely to affect a home user. The malware could on reach them via an email.

==================================
Sovereignty really does mean sovereignty
Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 16:01:07
Print Post

Re: What's the URL of the latest Windows Update website?


[re: TinyMongomery] [link to this post]
 
Why wouldn't it? The ability to share files between windows machines has been around since windows for workgroups. When connecting to a new network windows will ask if you want to enable file sharing. So, even if someone doesn't know it they will have SMB enabled in the background - they don't have to be actively using it.

At present it appears they haven't been able to find how the vulnerability got in to networks - they have no patient zero identified to find out if it was email, dodgy website, bad firewall settings, etc. Once inside a home network via any of these routes it could infect any other windows devices on that network using the SMB vulnerability.
Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 16:08:00
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Ah, but aren't you assuming that the download could only ever consist of a single file? Instead, the downloaded file could be made a zip, say, containing not only the active file itself but also a separate text file. And so surely the hash value of the active file (the ubiquitous upgrade, in this instance) could be given in that text file - preferably, with an explanation? Why put people off and raise their suspicions by including something in the filename that looks like an encryption? That's just bad PR. Remember, this has been a special, one-off update file that's been issued. There'll be lots of users, I'm sure, who'll be unfamiliar with the naming of files in this way.
You would want a hash value for the zip file itself to ensure it hadn't been tampered with. If you can tamper with an executable file included as part of a zip, you can tamper with the text file in the zip that contains the hash value.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Tue 16-May-17 16:09:18)

Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 16:10:58
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Or consider the fact that if I want to tamper with the file I can change it and then just rename it with the new hash...

Unfortunately if you can tamper with the file then renaming it is child's play.

Pretty sure hashes were originally used to ensure the file hadn't corrupted in transmission rather than to prove it hadn't been changed by a malicious actor.

Edited by ian72 (Tue 16-May-17 16:11:54)

Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 17:19:03
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
Yes, you can rename it.

Hashes can be used to verify data integrity to ensure there hasn't been any accidental corruption and authenticity to show that there hasn't been any anauthorized modification to the software [example].

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User Oliver341
(eat-sleep-adslguide) Wed 17-May-17 13:47:51
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
At present it appears they haven't been able to find how the vulnerability got in to networks

My guess is that these networks had SMB ports open to the whole of the internet (terrible idea), which explains why so many networks were infected within a short space of time. Home users will almost always have their ports firewalled behind a NAT router, in addition to the Windows Firewall, so they should be safe.

Oliver.
Standard User ian72
(eat-sleep-adslguide) Wed 17-May-17 14:50:19
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
It is possible but I think unlikely that most of these large organisations would have punched holes in their firewalls to allow SMB in. I do not believe that is the route it got in - far more likely it was via malware on a website or a phishing email but at this point they haven't found the root cause.
Standard User Oliver341
(eat-sleep-adslguide) Wed 17-May-17 15:20:01
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
I do not believe that is the route it got in - far more likely it was via malware on a website or a phishing email but at this point they haven't found the root cause.

That still wouldn't explain why so many networks got infected within a short space of time.

Oliver.
Standard User ian72
(eat-sleep-adslguide) Wed 17-May-17 15:58:51
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
What you don't know is how long the infection was in the wild before it activated. It may have been distributing for a month before it activated the payload.
Standard User meditator
(fountain of knowledge) Wed 17-May-17 17:38:00
Print Post

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Banger and caffn8me,

Although the other day, on my WinXp machine, I downloaded that patch with the long alphanumeric string in its filename, I've not installed it yet. Call me paranoid if you like but I've had an uneasy feeling about it from the outset.

Doing a bit of background research on the patch (using my Mac), I've discovered in a Microsoft Answers forum that - apparently - lots of people with XP SP3 x86 machines have been experiencing failures of this file to install, and word has it that, at the catalog site, Microsoft has posted up the wrong file. (Here, we're talking about the one that's near the top of that catalog list). Whereas XP SP3 x86 machines require a file that suits a non-embedded SP3, the version that Microsoft's posted on the site for that is, so everybody seems to think, the embedded version. Consequently, when people try to install the file it fails and they get the message "The version of Windows does not match the update you're trying to install".

Others in the Microsoft Answers forum maintain that if instead of using the catalog site you use the XP SP3 x86 link tucked away with others in the blogs.technet.microsoft.com article, you get the correct file. It's one without a whopping great alphanumeric string in its title.

At the catalog site there are at least three different versions of the patch made available for WinXP SP3 x86 (32-bit): a non-embedded version, an embedded version, and a POS (commercial upgrade) version. There's also a 64-bit version there. But it seems that Microsoft's dropped a clanger and got some of them mixed up, and now nobody's quite sure which one they should download and use. Indeed, there's now just as much doubt cast on the blogs.technet version. The link on the blogs.technet page renders you just one, single short-named file, which if you look at its details is apparently good for all versions of XP SP3.

Why on earth can't people be more precise about these things?! Accuracy is all-important. And it surely isn't rocket science to post the correct patch for the particular version, is it? So much for the 'emergency wonder patch' that the media's been raving about since Saturday; the facts don't fit the media hype. I for one will not be installing the patch until such time that it's 100% certain which one it is!
Standard User Oliver341
(eat-sleep-adslguide) Wed 17-May-17 18:36:28
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
It may have been distributing for a month before it activated the payload.

Maybe, although there seems to be no evidence of that.

There is evidence however that over 1 million devices have port 445 listening to the internet, over 800,000 of which are Windows devices, 30% of which are estimated to be vulnerable to wannacry: https://community.rapid7.com/community/infosec/blog/...

Oliver.
Standard User David_W
(knowledge is power) Thu 18-May-17 07:39:07
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
It is possible but I think unlikely that most of these large organisations would have punched holes in their firewalls to allow SMB in. I do not believe that is the route it got in - far more likely it was via malware on a website or a phishing email but at this point they haven't found the root cause.
I agree this is more likely correct - original infection via an e-mail attachment or web download, then propagation over SMB.



ZeN Unlimited Fibre 2 with native IPv6
thinkbroadband speed test : speedtest.net : thinkbroadband quality monitor IPv4 IPv6
Standard User meditator
(fountain of knowledge) Thu 18-May-17 12:04:37
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
I don't know if Microsoft have been reacting to criticism over the precision of the patch version but when I now look at the link for the WinXP SP3 x86 patch on the blogs.technet site what you get given is the file version with the long alphanumeric string. This is the same filename you get if you choose the non-embedded WinXP SP3 at the catalog site and which, it is claimed, fails to install on WinXP SP3 x86 machines. However, if you download the patch from yet a third site - the MS Downloads site - you get a filename without the long string, and by inference that's a version that suits all versions of XP SP3 (which in all probability it doesn't).
Standard User Oliver341
(eat-sleep-adslguide) Thu 18-May-17 13:04:18
Print Post

Re: What's the URL of the latest Windows Update website?


[re: David_W] [link to this post]
 
In reply to a post by David_W:
agree this is more likely correct - original infection via an e-mail attachment or web download, then propagation over SMB.

I agree it's likely patient zero was infected in this way. I was talking about how other, unrelated networks became infected so rapidly, which seems to be due to their exploitable SMB ports listening to the internet.

Oliver.
Standard User ian72
(eat-sleep-adslguide) Thu 18-May-17 13:25:55
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
I still don't believe that most of those big organisations had their firewalls configured to allow SMB traffic in bound from random Internet addresses.
Standard User Oliver341
(eat-sleep-adslguide) Thu 18-May-17 14:02:31
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
I think it's very possible, and it only takes one machine/firewall to be configured poorly on a huge network to expose the rest of the network.

On a similar note, at ISP-level for instance, all Sky Hubs listen to the whole of the internet on port 30005, and we've already seen CWMP/TR-069 exploits on D-Link routers. Obviously that port should be firewalled to only accept packets from safe IP addresses, but it's not.

One for Sky Hub users: https://www.grc.com/x/portprobe=30005

Oliver.
Standard User ian72
(eat-sleep-adslguide) Thu 18-May-17 14:22:46
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
Most of the sites hit we are talking about are going to be running industry grade firewalls that will by default have everything incoming closed. Opening a port to the whole Internet for SMB is a somewhat unusual move to make in that sort of environment.
Standard User Pipexer
(eat-sleep-adslguide) Sun 21-May-17 16:07:29
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
I still don't believe that most of those big organisations had their firewalls configured to allow SMB traffic in bound from random Internet addresses.

I agree, it more likely came in via email or an internet download. Even the most incompetant organizations generally have inbound SMB blocked off. In fact often the more incompetant IT departments the most restrive inbound stuff is which makes the sysadmins life a pain in the [censored].

ZeN Fibre Unlimited 2

Edited by Pipexer (Sun 21-May-17 16:10:10)

Standard User ian72
(eat-sleep-adslguide) Mon 22-May-17 09:07:51
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Pipexer] [link to this post]
 
Yes, default firewall rule in most organisations is allow all outgoing but block all incoming.
Standard User meditator
(fountain of knowledge) Tue 23-May-17 12:03:29
Print Post

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
Just to get back to normality for a moment, and the original question I posed concerning this topic, I've been in touch with the NCSC (National Computer Security Centre) this last week and, today, Tues 23rd, they've confirmed that lots of home users have been contacting them to say that the emergency one-off WinXP patch(es) issued by Microsoft for this piece of malware does not install. It appears that, in the posting of it online, there was a mixup between different versions of the patch. The NCSC has been in touch with Microsoft to point this out. Some users have also contacted Microsoft about it, but as I'm sure you'll appreciate it's not that easy actually getting through directly to Microsoft. And as with many forums these days - including those dedicated to other platforms - OS problems merely get discussed by the users and rarely reach the eyes and ears of those that matter, namely the software developers.

Edited by meditator (Tue 23-May-17 12:05:00)

Standard User Oliver341
(eat-sleep-adslguide) Tue 23-May-17 13:31:58
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
I've just tested the XP SP3 patch download at: https://blogs.technet.microsoft.com/msrc/2017/05/12/...

Namely: http://download.windowsupdate.com/d/csa/csa/secu/201...

It successfully installed in a XP SP3 VM. Maybe they resolved it?

Oliver.
Standard User meditator
(fountain of knowledge) Tue 23-May-17 16:29:55
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
Which XP SP3 patch at blogs.technet? There are two there, alone, for WinXP SP3. And at Microsoft's catalog site, there are about six different versions of XP to choose from. This exemplies the problem - everyone's talking about "a fix for WinXP", but are failing to indicate precisely which file goes with which version of XP. They don't all use a common patch file; there are some differences. Consequently, there's been understandable suspicion and loss of confidence in postings of the official patch for WinXP.

According to NCSC, most of the complainants are users of the Home Edition of WinXP x86, who have SP3 post-applied. I guess this is what's regarded as the 'non-embedded SP3' version of XP. And yet, there are reports that the patch provided won't install.

Edited by meditator (Tue 23-May-17 16:33:37)

Standard User Oliver341
(eat-sleep-adslguide) Tue 23-May-17 16:54:11
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Which XP SP3 patch at blogs.technet?

I downloaded and installed the patch for "Windows XP SP3 x86" (NOT the embedded version) successfully into my XP SP3 VM. Like I say, maybe there was a previous version which didn't work, but all I can say is that it worked fine for me.

Oliver.
Standard User XRaySpeX
(eat-sleep-adslguide) Tue 23-May-17 23:21:15
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
+1

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User meditator
(fountain of knowledge) Tue 23-May-17 23:50:39
Print Post

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
Even though you and one or two others in this TBB discussion may very well have managed to now pick the correct file, possibly a good many ordinary WinXP users won't now bother with it, having lost confidence in Microsoft's ability to provide a trustworthy correcting file.

It's simply not good enough to say that 'Windows XP SP3 x86 non-embedded' is the appropriate file to use, without you also naming the patch file that goes with that, as there's not just one, single patchfile. They go by different names. The same clarification needs to apply to the other five or six versions of WinXP as well.

Normally, when we do file downloads of any kind we put our trust in the supplier that the name of the file matches its precise function. For an organisation like Microsoft to have (apparently) mixed up the WinXP versions with the different filenames, in a situation where widespread alarm has been caused by the malware for which the patch(es) is required, is pretty bad form, in my view.

Edited by meditator (Tue 23-May-17 23:57:40)

Standard User Oliver341
(eat-sleep-adslguide) Wed 24-May-17 13:03:52
Print Post

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
It's simply not good enough to say that 'Windows XP SP3 x86 non-embedded' is the appropriate file to use, without you also naming the patch file that goes with that, as there's not just one, single patchfile.

I gave you the link earlier. The filename is windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

Oliver.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to