Reported problem with COM patch KB 4018556 for WinXP Embedded
Tagged: KB 4018556, Windows XP Embedded
Just got this message, from Moldova: In our organization, we have many Windows XP desktops, that have been “moved” to Embedded, as to receive security..
UPDATE: Mea culpa! The original version of this post referenced KB 4018556 as a WannaCry patch. It isn’t. It’s a COM patch. I thought I had fixed all the mistaken pieces, but I missed some. Anyway, I think it’s all fixed now. I hope.
PATCHES PULLED: While this patch was originally issued for Windows XP Embedded, POSReady 2009 and Windows Server 2008, it looks like Microsoft has pulled all versions except the one for Server 2008. Thx to Bond, James Bond, and to DougCuk.
[See the full post at: Reported problem with COM patch KB 4018556 for WinXP Embedded]
-
anonymous
This only affects XP Embedded, or regular SP3 as well?
-
This only affects XP Embedded, or regular SP3 as well?
KB4018556 is only available for XP Embedded and POSReady 2009. Microsoft has not made it available for regular Windows XP.
Windows XP systems will not get it unless they have the “POSReady registry hack”.
Hope for the best. Prepare for the worst.
-
The patch was offered to all versions of Windows.
http://www.catalog.update.microsoft.com/Search.aspx?q=4012598
-
The patch was offered to all versions of Windows.
http://www.catalog.update.microsoft.com/Search.aspx?q=4012598
We are talking about KB4018556 here, not KB4012598, if I am not mistaken. Woody’s post mentioned KB4018556, so does the title.
KB4012598 was offered for XP, as you say. But KB4018556 was only offered for Windows XP Embedded, POSReady 2009 and Windows Server 2008. (And it seems that the version for XP Embedded has been pulled from the Catalog.)
http://www.catalog.update.microsoft.com/Search.aspx?q=kb4018556
This page has download links for the XP Embedded version of KB4018556:
http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/?page=90
Hope for the best. Prepare for the worst.
-
I’m sorry. I really threw you guys a curve!
The patch in question is a COM patch. It has nothing to do with WannaCry.
That’s what I get for working too fast. I’m flying on Tuesday and there’s much to wrap up.
-
Some title confusion, as 4018556 is referred to on this board as both WannaCry and COM. WannaCry is 4012598; this is COM, released in the May 2017 set of POSReady hack updates. I have it, but don’t have this error. Could be language-pack related, though, or anything else.
-
There has always been a possibility that using the XP POSReady/Embedded Registry hack might at some point cause a problem – when forcing those updates to install on a desktop version of XP. So far I think things have worked OK – but as suggested things like language pack issues may trip a problem on some systems.
The titled update is as stated above a new security update (Windows COM Elevation of Privilege Vulnerability in Windows Server 2008 – issued May 9, 2017) – and not the original WannaCry SMBv1 patch. There is also a key difference between how the two have been released:
KB4018556 – the new Windows COM Elevation patch
– the catalog only lists this update for Server 2008 (POS version pulled?)
– latest files are dated 14-April-2017

KB4012598 – original WannaCry SMBv1 patch
– the catalog lists versions for all Windows variants from XP to Win8
– the XP POSReady version is NOT the same package as the Server 2008 version
– this patch has a digital signature of Feb 11, 2017

There is no specific XP POSReady/Embedded version for the new COM update – only the related Server 2008 version which is normally a different larger update package. Obviously installing a patch tested against Server 2008 could potentially have unknown issues when installed on an XP Desktop system – even though the two systems are very similar.
-
Is it so complicated for you guys and gals to move on from Windows XP?
What is the compelling reason to stay with XP?
-
Very good question.
I think the main reason is inertia. People have something that works, and they’re scared to change it. That, combined with some hardware and software incompatibilities — and lots of situations where people just don’t care — makes XP hard to kill.
-
Is it so complicated for you guys and gals to move on from Windows XP?
What is the compelling reason to stay with XP?
Some people actually want a compelling reason NOT to stay with what they know and what works for them.
There are valid, rational reasons for not riding the bleeding edge. There are things in later versions that some people don’t like. Bloating comes to mind (e.g., gigabytes to do what megabytes used to do, in turn what kilobytes used to do).
And not everyone likes the glitzy stuff (e.g., Aero). They may not know – nor be willing to spend the time to learn – the many, many, many geeky tweaks and tricks to get a newer system back into a usability state that’s equal to – or possibly better than – what they’ve already accomplished on their older OS.
I personally have two hardware systems running older OS versions – though none as old as XP. I have one system on Win 8.1 and one on 7 (which, to be fair, I don’t use interactively). Why have I not brought all up to the latest? Because they do just what I need, and the latest (so far) doesn’t do it better.
In the case of Win 8.1, it’s my primary choice for my main workstation because of its stability, and so far Win 10 does nothing in particular better that’s incentivizing me to move. Don’t get me wrong, I’ve been able to tweak a Windows 10 system to be pretty much as useful, and it’s not lost on me that it’s current, but it’s also a moving target, and I really don’t need an OS that’s so mutable. I like it when my OS “just works” for weeks and months and years at a time.
So please don’t be too critical of those who find an older, simpler OS to their liking. They might actually KNOW what the later OSs look like and do and have good reasons for working the way they are right now.
Oh, and please don’t pull out the “the old OS is insecure” argument… XP wouldn’t still have 10% of the world’s users if it were a crumbling nightmare, and last I looked Windows 10 isn’t devoid of exploits. It might even be a bigger target for malware writers than XP now.
-Noel
-
anonymous? says:
thank you Mr. Carboni!
scattered about i have 2 win 98se, 1 win me, 4 or 5 win xp, pro and no, 4 win 7 and
hum, no 8 or 8.1 or winx.
i occasionally run them all to keep learning, and to keep my skills viable and because i enjoy toying around with windows. i was on askvg last night learning or relearning lots of forgotten tips and tricks for my own personal computing enjoyment. i know, some people and their kids.
i do appreciate you and your insight and attitude.
ps the winx pushers pushed me into linux and i have on live usb, 2 ubuntu 14,04 lts and i’m writing to you on ubuntu 16.04.2 lts. when i have had my fill of this session i will shut down and everything will all be but a faint memory!
thank you and mr. woody and pkcano especially as well as all the contributors for making this a place for all to come and drink of the waters of acceptance and knowledge.
-
Thank you Noel. I was not suggesting an upgrade to any of the other specific supported operating systems, 7, 8.1 or 10 in context. So it was not about bleeding edge, but about the support (indirect, via updates and not direct agreement) and security. There are hacks available to tell WU that the system is embedded, but as few users reported here and elsewhere, this may cause issues with the officially released patches like the current one. If the malware built based on the supposedly NSA leaked code continues to affect the internet for a while longer, there may be new official patches for XP released to the wider public, although as it appears now, those chances are slim. Related, there are a few businesses which use Windows 2003 for legacy applications or difficult to migrate File Servers and do not have the funding to pay custom support, so this issue would affect businesses too.
I don’t like Aero either and when I use Windows 7 I always select the Basic Theme. With later OS it is a bit more difficult as Desktop Composition which is useful comes with Aero like features, although full Aero has been discontinued. There are built-in settings which make the OS faster if the graphics features are not required or desired, although some of them require admin user access, which should not be an issue for home users. This is something which has been known from XP or Windows 2000.
If you notice, I was not asking why not moving from Windows XP to Windows 10, but moving away only from Windows XP and your answer like any other answers following are useful in the context.
-
anonymous
Noel – Ars Technica has just reported that the WannaCry ransomware hit mostly Win 7 and hardly at all XP !!! See THIS ARS TECHNICA LINK .
Viva XP forever !!!
Edit to remove HTML
-
We’ve been aware that XP wasn’t involved in the recent outbreak (and neither were phishing emails): https://www.askwoody.com/forums/topic/the-original-wannacry-does-not-infect-windows-xp-boxes/
But – XP can be infected by it, the French researcher that discovered how to decrypt and recover the files did so by manually infecting an XP box.
-
anonymous
What vulnerability does this patch fix?
-
Not sure what level of detail you wanted – the KB article is linked below
https://support.microsoft.com/en-us/help/4018556/title – and says the following:
Security update for the Windows COM Elevation of Privilege Vulnerability in Windows
An elevation of privilege exists in Windows COM Aggregate Marshaler.
An attacker who successfully exploits the vulnerability could run arbitrary code with elevated privileges.
It appears to fix these two exploits
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0214
– the first of which was reported by the Google Chrome developers.
-
In a different forum (MSFN), a few folks think this problem with KB 4018556 in XP Embedded (XP continuing to get updates with the POS Ready 2009 hack) might be in the Russian version only (or, who knows, maybe only in the Moldovan version).
On the other hand, MS has pulled it from XP Embedded, so maybe it’s not limited to Russian version only.
Anyway, it’s just a thought. Anyone who finds out for sure, please let us know.
Thank you, and have fun in Moldova.
PS – I’ve kept XP updated on one of my machines because: all of my emails are there in Outlook Express going back to 1942, no later version of Windows has OE, and it’s just too danged hard to move all of them to a different email app in Win 7 or later. And updating XP is fun.
Edit Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.
-
There is no ‘Moldovan’ version.
It is either Romanian (which is the official language in Moldova in a dialect form) or Russian which is a widely accepted alternative.
-