Reported problem with COM patch KB 4018556 for WinXP Embedded

[woodyDa Boss]

Just got this message, from Moldova: In our organization, we have many Windows XP desktops, that have been “moved” to Embedded, as to receive security..

UPDATE: Mea culpa! The original version of this post referenced KB 4018556 as a WannaCry patch. It isn’t. It’s a COM patch. I thought I had fixed all the mistaken pieces, but I missed some. Anyway, I think it’s all fixed now. I hope.

PATCHES PULLED: While this patch was originally issued for Windows XP Embedded, POSReady 2009 and Windows Server 2008, it looks like Microsoft has pulled all versions except the one for Server 2008. Thx to Bond, James Bond, and to DougCuk.

[See the full post at: Reported problem with COM patch KB 4018556 for WinXP Embedded]

• This topic was modified 11 months ago by  woody.
• This topic was modified 11 months ago by  woody.
• This topic was modified 11 months ago by  woody.
• This topic was modified 11 months ago by  woody.
• This topic was modified 11 months ago by  woody.

[anonymous]

This only affects XP Embbebed, or regular SP3 as well?

[James Bond 007AskWoody Lounger]

anonymous wrote:

This only affects XP Embedded, or regular SP3 as well?

KB4018556 is only available for XP Embedded and POSReady 2009. Microsoft has not made it available for regular Windows XP.

Windows XP systems will not get it unless they have the “POSReady registry hack”.

Hope for the best. Prepare for the worst.

[PKCanoAskWoody MVP]

The patch was offered to all versions of Windows.
http://www.catalog.update.microsoft.com/Search.aspx?q=4012598

[James Bond 007AskWoody Lounger]

PKCano wrote:

The patch was offered to all versions of Windows.
http://www.catalog.update.microsoft.com/Search.aspx?q=4012598

We are talking about KB4018556 here, not KB4012598, if I am not mistaken. Woody’s post mentioned KB4018556, so does the title.

KB4012598 was offered for XP, as you say. But KB4018556 was only offered for Windows XP Embedded, POSReady 2009 and Windows Server 2008. (And it seems that the version for XP Embedded has been pulled from the Catalog.)

http://www.catalog.update.microsoft.com/Search.aspx?q=kb4018556

This page has download links for the XP Embedded version of KB4018556:
http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/?page=90

Hope for the best. Prepare for the worst.

• This reply was modified 11 months ago by  James Bond 007. Reason: Correction
• This reply was modified 11 months ago by  James Bond 007.
• This reply was modified 11 months ago by  James Bond 007. Reason: Correction
• This reply was modified 11 months ago by  James Bond 007. Reason: Addition

[woodyDa Boss]

I’m sorry. I really threw you guys a curve!

The patch in question is a COM patch. It has nothing to do with WannaCry.

That’s what I get for working too fast. I’m flying on Tuesday and there’s much to wrap up.

[nospambozAskWoody Lounger]

Some title confusion, as 4018556 is referred on this board as both Wannacry and COM. Wannacry is 4012598, this is COM, released in May 2017 set of POSReady hack updates. I have it, but don’t have this error. Could be language-pack related, though, or anything else.

1 user thanked author for this post.

woody

[DougCukAskWoody Lounger]

There has always been a possibility that using the XP POSReady/Embedded Registry hack might at some point cause a problem – when forcing those updates to install on a desktop version of XP. So far I think things have worked OK – but as suggested things like language pack issues may trip a problem on some systems.

The titled update is as stated above a new security update (Windows COM Elevation of Privilege Vulnerability in Windows Server 2008 – issued May 9, 2017) – and not the original WannaCry SMBv1 patch. There is also a key difference between how the two have been released:

KB4018556  – the new Windows COM Elevation patch
– the catalog only lists this update for Server 2008 (POS version pulled?)
– latest files are dated 14-April-2017

KB4012598  – original WannaCry SMBv1 patch
– the catalog lists versions for all Windows variants from XP to Win8
– the XP POSReady version is NOT the same package as the Server 2008 version
– this patch has a digital signature of Feb 11, 2017

There is no specific XP POSReady/Embedded version for the new COM update – only the related Server 2008 version which is normally a different larger update package. Obviously installing a patch tested against Server 2008 could potentially have unknown issues when installed on an XP Desktop system – even though the two systems are very similar.

• This reply was modified 11 months ago by  DougCuk. Reason: added new detail

1 user thanked author for this post.

woody

[ch100AskWoody MVP]

Is it so complicated for you guys and gals to move on from Windows XP?
What is the compelling reason to stay with XP?

[woodyDa Boss]

Very good question.

I think the main reason is inertia. People have something that works, and they’re scared to change it. That, combined with some hardware and software incompatibilities — and lots of situations where people just don’t care — makes XP hard to kill.

1 user thanked author for this post.

ch100

[Noel CarboniAskWoody MVP]

ch100 wrote:

Is it so complicated for you guys and gals to move on from Windows XP?
What is the compelling reason to stay with XP?

Some people actually want a compelling reason NOT to stay with what they know and what works for them.

There are valid, rational reasons for not riding the bleeding edge. There are things in later versions that some people don’t like. Bloating comes to mind (e.g., gigabytes to do what megabytes used to do, in turn what kilobytes used to do).

And not everyone likes the glitzy stuff (e.g., Aero). They may not know – nor be willing to spend the time to learn – the many, many, many geeky tweaks and tricks to get a newer system back into a usability state that’s equal to – or possibly better than – what they’ve already accomplished on their older OS.

I personally have two hardware systems running older OS versions – though none as old as XP. I have one system on Win 8.1 and one on 7 (which, to be fair, I don’t use interactively). Why have I not brought all up to the latest? Because they do just what I need, and the latest (so far) doesn’t do it better.

In the case of Win 8.1, it’s my primary choice for my main workstation because of its stability, and so far Win 10 does nothing in particular better that’s incentivizing me to move. Don’t get me wrong, I’ve been able to tweak a Windows 10 system to be pretty much as useful, and it’s not lost on me that it’s current, but it’s also a moving target, and I really don’t need an OS that’s so mutable. I like it when my OS “just works” for weeks and months and years at a time.

So please don’t be too critical of those who find an older, simpler OS to their liking. They might actually KNOW what the later OSs look like and do and have good reasons for working the way they are right now.

Oh, and please don’t pull out the “the old OS is insecure” argument… XP wouldn’t still have 10% of the world’s users if it were a crumbling nightmare, and last I looked Windows 10 isn’t devoid of exploits. It might even be a bigger target for malware writers than XP now.

-Noel

4 users thanked author for this post.

Elly, Cesar, woody, ch100

[anonymous]

? says:

thank you Mr. Carboni!

scattered about i have 2 win 98se, 1 win me, 4 or 5 win xp, pro and no, 4 win 7 and

hum, no 8 or 8.1 or winx.

i occasionally run them all to keep learning, and to keep my skills viable and because i enjoy toying around with windows. i was on askvg last night learning or relearning lots of forgotten tips and tricks for my own personal computing enjoyment. i know, some people and their kids.

i do appreciate you and your insight and attitude.

ps the winx pushers pushed me into linux and i have on live usb, 2 ubuntu 14,04 lts and i’m writing to you on ubuntu 16.04.2 lts. when i have had my fill of this session i will shut down and everything will all be but a faint memory!

thank you and mr. woody and  pkcano especially as well as all the contributors for making this a place for all to come and drink of the waters of acceptance and knowledge.

[ch100AskWoody MVP]

Thank you Noel. I was not suggesting an upgrade to any of the other specific supported operating systems, 7, 8.1 or 10 in context. So it was not about bleeding age, but about the support (indirect, via updates and not direct agreement) and security. There are hacks available to tell WU that the system is embedded, but as few users reported here and elsewhere, this may cause issues with the officially released patches like the current one. If the malware built based on the supposedly NSA leaked code continues to affect the internet for a while longer, there may be new official patches for XP released to the wider public, although as it appears now, those chances are slim. Related, there are a few businesses which use Windows 2003 for legacy applications or difficult to migrate File Servers and do not have the funding to pay custom support, so this issue would affect businesses too.
I don’t like Aero either and when I use Windows 7 I always select the Basic Theme. With later OS it is a bit more difficult as Desktop Composition which is useful comes with Aero like features, although full Aero has been discontinued. There are built-in settings which make the OS faster if the graphics features are not required or desired, although some of them require admin user access, which should not be an issue for home users. This is something which has been known from XP or Windows 2000.
If you notice, I was not asking why not moving from Windows XP to Windows 10, but moving away only from Windows XP and your answer like any other answers following are useful in the context.

[woodyDa Boss]

(… and I still miss Aero… 🙂 )

2 users thanked author for this post.

Elly, ch100

[anonymous]

Noel – Ars Techinica has just reported that the WannaCry ransomware hit mostly Win 7 and hardly at all XP !!!  See THIS ARS TECHNICA LINK .
Viva XP forever !!!

Edit to remove HTML

1 user thanked author for this post.

glnz

[satrowAskWoody MVP]

We’ve been aware that XP wasn’t involved in the recent outbreak (and neither were phishing emails): https://www.askwoody.com/forums/topic/the-original-wannacry-does-not-infect-windows-xp-boxes/

But – XP can be infected by it, the French researcher that discovered how to decrypt and recover the files did so by manually infecting an XP box.

[anonymous]

What vulnerability does this patch fix?

[DougCukAskWoody Lounger]

Not sure what level of detail you wanted – the KB article is linked below
https://support.microsoft.com/en-us/help/4018556/title – and says the following:
Security update for the Windows COM Elevation of Privilege Vulnerability in Windows
An elevation of privilege exists in Windows COM Aggregate Marshaler.
An attacker who successfully exploits the vulnerability could run arbitrary code with elevated privileges.

It appears to fix these two exploits
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0214
– the first of which was reported by the Google Chrome developers.

[glnzAskWoody Lounger]

In a different forum (MSFN), a few folks think this problem with KB 4018556 in XP Embedded (XP continuing to get updates with the POS Ready 2009 hack) might be in the Russian version only (or, who knows, maybe only in the Moldovan version).

On the other hand, MS has pulled it from XP Embedded, so maybe it’s not limited to Russian version only.

Anyway, it’s just a thought.  Anyone who finds out for sure, please let us know.

Спасибо, и повеселились в Молдове.

PS – I’ve kept XP updated on one of my machines because:  all of my emails are there in Outlook Express going back to 1942, no later version of Windows has OE, and it’s just too danged hard to move all of them to a different email app in Win 7 or later.  And updating XP is fun.

Edit Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

• This reply was modified 11 months ago by  glnz.
• This reply was modified 11 months ago by  glnz.
• This reply was modified 11 months ago by  PKCano.

[ch100AskWoody MVP]

There is no ‘Moldovan’ version.
It is either Romanian (which is the official language in Moldova in a dialect form) or Russian which is a widely accepted alternative.

[ch100AskWoody MVP]

all of my emails are there in Outlook Express going back to 1942

@glnz
You can’t be serious. Check the year please 🙂

[Author]

Posts