POS - Point Of Sale (ie - cash registers, bank teller consoles, etc) http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/ But before you get too excited, read post #20 (and beyond) in that thread. This might not be ready for prime time - yet. I told you that there would be a way for these XP updates to be modded and leaked to the web. Every PatchTuesday this is going to happen. ================= The latest Patch tuesday updates have been easily ported to a Windows XP virtual system - fully updated until April 2014. The constraints are entirely artificial. Porting is easy as 1-2-3: 1. Modify update.inf file and remove the condition=CompositeOp,OrOp,Prereq.XPInstallEmbedded.Section line from the Prerequisite section. 2. Use a patched update.exe version 6.3.13.0 or later to accept the modified update.inf file. 3. Compress to SFX EXE file. Delta compression optional. I have already uploaded the files at RyanVM.net... So Windows XP can have semi-official support until 2019! :w00t: The update is applicable to Windows XP x64 SP2 if you remove the: Condition=AndOp,Prereq.XPAMDInstallBlock.Section line from the [Prerequisite] section and patch the update.exe file to accept the modified update.inf. Instructions can be found here: http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464 The shlwapi.dll file is not an exclusive Server 2003 x64 component. In addition there are registry keys in the INF file specific for XP Professional x64: [ProductInstall.ProfessionalFiles] AddReg=Product.Add.Reg.Professional [Save.Reg.For.Uninstall] HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE% [Product.Add.Reg.Professional] HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Comments",0,%SP_TITLE_XP% HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Fix Description",0,%SP_TITLE_XP% HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"RegistryLocation",0,"HKLM\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%" HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"ParentDisplayName",0,"%PARENT_DISPLAY_NAME_XP%" HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"DisplayName",0,"%SP_TITLE_XP%" HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%,"Description",,%SP_TITLE_XP% and the relevant strings. All these observations indicate that the update is applicable to XP x64 without any issues (It's not proved completely - that would require an analysis of the patch itself, something rather difficult and not required in this scenario). One final note: Because these updates have been deployed on a relatively limited number of machines (XP support has officially ended and most users ignore the existance of these updates) testing any of them in VM before deploying to real hardware is strongly recommended. ----------------- With reference to this: http://www.microsoft.com/en-us/download/details.aspx?id=42774 which is related to this kb: http://support.microsoft.com/kb/2932079 This update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled. it is IMHO not a patch for a vulnerability, it is a patch for generic stupidity. ----------------- First of all, thank you *very much* harkaz, this is beyond cool! Heading home from work yesterday I was almost a bit giddy seeing these semi-official patches and thinking of all the future ones that could/will be coming our way through 2019! Let the idiots on neowin storm off in a huff! Tell them to come back in 2019. For myself, I only get 1 patch out of the deal (I don't have IE or any version of "dontnet" installed). Hmm, I didn't think about POS not having IE6. Looks like we won't get any IE 6 patches unless somebody ports them from 2003. Jaclaz, I agree it's a patch for general stupidity-let's hope MS doesn;'t start patching for that, as we'll all need petabyte sized drives. (Seriously though, the link to the bulletin 42774 that you posted; under 'System Requirements' it states that Windows XP is a "supported operating system" along with Windows Server 2003. But the title at the top of the page for 42774 just says Windows Server 2003.) Rest assured the IE6 and the IE7 patches for POSReady 2009 also exist! I'm sure harkaz'll release modded versions of them soon, too. ---------------- The patched update.exe seems to have done the trick. The update installed and is actually listed in my list of updates as a "Windows XP" update! I guess Microsoft isn't going to let anyone on XP x64 install it the easy way unless they have paid support, though. I know there's a risk to doing this, but this isn't a mission-critical machine, anyway. Just a laptop I use when I'm away from the big iron, to go online and stuff with. If it were, I'd just update it to 7. Guess I'll just keep doing this once a month until July of next year. Thanks for the help! There is also the older WEPOS/XPe which comes with IE6 and is supported until I think 2016 and also uses the same patches.
Good information. It's true, some might find it problematic installing these updates. I had touble because I run a Symantec product on my system. But I found a way around it, I think I've seen the patched updates now on 4 or 5 different forums. There are slight differences in some of the downloads, so more than one person is working on them. Sad to say, I'm not one of those talented people. Good to know about the updates anyway. As time goes by, they will likely become better able to work with more system variations. It's exciting to me, even though it's early in the game.
Updates are for sissies, the type that hide behind their mother's apron strings! -- The Grandmaster of the CyberFROG Come get your ticket to CyberFROG city Nay, Art thou decideth playeth ye simpleton games. *Some* of us know proper manners Very few. Ya know ahh, ahhh I used to take calls from *rank* noobs but got fired the first day on the job for potty mouth, Bur-ring, i'll get this one: WHAT'S YOUR PROBLEM JERK!!? We're here to help you dickweed, ok, ok give the power cord the jiggily piggily wiggily all the while pushing the power button repeatedly now take everything out of your computer except the power supply and *one* stick of ram. Subscriber asks will that fuckin' work? I guaranDAMtee it. Ok get the next sucker on the phone. I'm not Sam Hong but we both hate Roxio. Sam Hong pulled Roxio's Dong! There's the employer and the employee and the FROGGER and the FROGEE, which one are you? Hamster isn't a newsreader it's a mistake! El-Gonzo Jackson FROGS both me and Chuckcar (I just got EL-FROG-OED!!) All hail Chuckcar the CZAR!! Or in F-R-O-Gland Chuckcar laFROG laCZAR, ChuckZar!! I hate them both, With useless bogus bullshit you need at least *three* fulltime jobs to afford either one of them I'm a fulltime text *only* man on usenet now. The rest of the world downloads the binary files not me i can't afford thousands of dollars a month VBB = Volume based billing. How many bytes can we shove down your throat and out your arse sir? The only "fix" for the CellPig modem is a sledgehammer. UBB = User based bullFROGGING Colonel Debeers refuses to wrestle a black man () Master Juba was a black man imitating a white man imitating a black man Always do incremental backups of your data or you'll end up like the A To Z(Zee)-Holes at DSL Reports. Justin says i made a boo-boo. Yeah boo-who. Updates are for idiots. As long as the thing works there's no reason to turn schizophrenic and develop a lifelong complex over such a silly issue. You don't have to be "stink-bottomed" to post on this newsgroup AIOE put can.internet.highspeed on the banlist to give other people a chance to snag the "Furst Poast" of the day Anyone who disagrees with me gets FROG tape over their yapper Adrian "jackpot" Lewis is a mama's boy! Jimmy Fricke is good for the game of poker Using my technical prowess and computer abilities to answer questions beyond the realm of understandability Regards Tony... Making usenet better for everyone everyday This sig file was compiled via my journeys through usenet
UPDATE [22/5/2014]: A simple registry tweak is enough for WU to show the latest POSReady updates on Windows XP. This method has been tested and works on any XP build. Add the following registry keys (INF Format): HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3" HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0 HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0 HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1 Or use notepad to copy the following and save as .reg file and run it: ========== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion] "FeaturePackVersion"="SP3" [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS] "Installed"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES] "Installed"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 =========== Restart your computer, and make sure WindozeUpdate service is running. You will see there are updates for you to install! And your XP PC will continue to recieve MS patches until the year 2019. This is for 32-bit XP. There is a different method for 64-bit version of XP (by spoofing Windows 2003 server). This trick works because for the purposes of WindowsUpdate, it makes WU think you're running POS2009 (Point Of Service 2009) which is basically XP for cash registers and other "point-of-service" PC's. Microsoft provides update support for POS2009 until 2019.
I tested it today. I work just fine. "POSReady" updates show up in WU and after they get installed, the uninstall displays them as "Security update for Windows XP". The exact content of the *.inf file: ********************************************************************** [Version] Signature=$CHICAGO$ [DefaultInstall] AddReg=Add.Settings [Add.Settings] HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3" HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0 HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0 HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1 ********************************************************************* This probably will not last because MS will soon realize that there is surprising number of cash registers connecting in from residential addresses DK
So M$ actually has the updates, but is withholding them from the general public. Oh well, that is what is bound to happen when the same folks that own the roads also sells the cars that run on it. If Linux ever takes off, it will put an end to this scurrilous behavior. Now a regular business would just sell a subscription, but ...
Actually, no it won't. Linux is perfectly capable of exactly the same scurrilous behavior. That's why the package manager for my 7.04 copy of Ubuntu, doesn't do anything. The servers are turned off. I wanted to do a simple thing, like get a copy of GCC for that distro, and compile a package from source, and I couldn't even do that. The disc doesn't have enough dev tools on it, to bootstrap an environment in it. ******* In Linux, there is a slight difference in how distros distribute things. In Gentoo, you do everything from source. The distro is a "rolling" distro, meaning you never have to reinstall the OS. The packages in the OS evolve, you download updates, do another "build" of the World, and you're up to date. This idea has rough edges, and I've had to abandon Gentoo installations, when I could no longer "move forward" or "move backward" because something in the source tree broke. Basically, to easily maintain Gentoo, you must to maintenance regularly (weekly). Allowing too many changes to accumulate, things could break and only an expert can get you out of it. I left my distro for around nine months, and when I tried to do maintenance, I was stuck. In such an environment, if you downloaded all the source (many gigabytes), you could basically do anything you want with it. Since you have all the source, no one can hold you hostage. Other Linux setups (like Ubuntu), are binary distros. They use a package manager, and you just download pre-compiled code to the desktop. The lifecycle policy on the Ubuntu web site, tells you how long the servers will provide packages for that version of OS. After that date, you can't get anything. Since Gentoo is a source based distro, the source is easy to get from a mirror site. With Ubuntu, they don't exactly make all the source easy to get (they don't put the source for all 15,000 Debian programs onto a giant ISO for you). With a binary distro, you're accepting the convenience of pre-compiled binaries, with the understanding of a strict lifecycle and cutoff date. Just like WinXP had. While POS2009 may have WinXP-like updates, it will only have been tested on whatever constitutes POS2009 equipment and configurations. You could download one of those updates, and discover it bricks some subsystem on your WinXP. You don't have the assurance of as broad a test plan. And certainly, someone manning the phone line at Microsoft, for Windows Update, will tell you to piss off, if you approach them with a POS2009 bug when it is applied to WinXP Desktop. Paul
I am afraid you are right. Vista would have done the trick, but people just suffered. Folks are just suffering with Frankenstein (W8) too. No one wants to be "different". Getting a Windows user off of Windows is like trying to get q drug addict off of crack cocaine. That is just wishful thinking on the part of folks that like M$. You can not run as an administrator and a user at the same time. M$ makes it too easy. You would never believe the crap on Windows I stop when I take a user's administrator rights away. Also, if you have time, take a look at this (SE Linux): http://en.wikipedia.org/wiki/Security-Enhanced_Linux Just try and hack that! -T
Never under-estimate the impact a user can have. I could pop up a window that looks like the Package Manager, get you to type in the root password when prompted, then use that password to do what I wanted. Phishing is good enough. When it comes to hacking things, it doesn't have to be elegant. It just has to work. Paul
You have a point there. The bad guys are looking for "low hanging fruit". The user will never cease to provide them with bushels and bushels. I doubt that many of the bad guys will bother trying to hack a system much any more. Just to easy to trick the user. Just look at all the junkware the users fall for! I have clean off buckets of junkware from a computer and had the same kind of crap (not necessarily the same ones) back on their computer in a week. Yikes! The solution is to take away their administrator's rights, like is done on OSx and Linux. There is definitely a personality involved with junkware. And when they call me to ask what their root password is, I will shut them down. Uses have the damnedest time remembering their passwords (especially their wireless ones). But, you do have a point. So far they haven't employed this method with OSx and Linux yet. Here is a nice article from Security Focus on Linux vs Windows and viruses. http://www.securityfocus.com/columnists/188 Love the tag line: To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. -T
In the psychopathic mind of Macro$haft, Windows XP-SP3 and POSReady 2009 are two completely different products, and hence they are not withholding anything from XP-SP3. In the rational and practical mind of the rest of us, POSReady 2009 and XP-SP3 are the same operating system - but with different license agreements (which naturally is of no consequence or concern to us). By the way, if you had done it today (and selected "Custom" instead of "Express" installation), this is what you'd see: 3 Critical updates: ================ Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 KB2932079 - MS14-026 http://support.microsoft.com/kb/2932079 Download size: 1.1 MB , less than 1 minute A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. Details... ============== Security Update for WEPOS and POSReady 2009 KB2926765 - MS14-027 http://support.microsoft.com/kb/2926765 Typical download size: 275 KB , less than 1 minute A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. Details... ================== Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 KB2953522 - MS14-029 AKA Security update for Internet Explorer versions 6, 7, 8, 9, 10, and 11: May 13, 2014 http://support.microsoft.com/kb/2953522 Download size: 3.2 MB , less than 1 minute A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. Details... =================== Now you go ahead and read those microsoft links. And if you really want to be so frighted about the state of your XP system less than a month after "official" end-of-support, you'll read these: http://www.pcworld.com/article/2154...ttackers-a-roadmap-to-xp-vulnerabilities.html http://www.zdnet.com/microsoft-patches-office-sharepoint-and-windows-leaves-xp-behind-7000029405/ As you read them and notice the MS14-what-ever numbers they mention, go and glance at what updates you could be installing right now if you follow my instructions. Those are the same updates being offered to Win-7 and various other platforms - but not for XP. Yes, I updated an XP-SP3 system with those 3 critical updates. And then I selected a bunch of suggested updates (there were about a dozen of them). One of those was a root certificate update (dated Nov 2013) that for some reason Micro$haft wasn't offering to me before. One day, maybe soon, you'll realize that yes, POSReady 2009 is XP-SP3 with a different license agreement, and you'll be dying to get those updates on your systems. So you can thank me now, or thank me later. And no, Micro$haft will do nothing to prohibit this in the future. The millions of various POS systems around the world are too important to **** with by trying to make some change that will prevent this hack from working on "real" XP systems. Mark my words. Hear me now and believe me later. In the mean time you can all shout "We're not worthy!".
Sure you can, just give your user administrative rights, or just log in as root; it's not the best idea, but you can do it. Jon
Hi Jon, You actually have to know how to do that. Out of the box, you don't get those rights. You have to work at it. And "why". Everyone just leaves it at the default. And the installer harasses you for proper passwords. Not with Windows. You get those rights right out of the box. You can even have blank passwords without being harassed. M$ makes it too easy. With Linux, you have to work at it. With Windows, all you have to do in work on it. There is no excuse for how sloppy M$ is with security. -T
M$ noticed! http://www.infoworld.com/t/microsoft-windows/unofficial-xp-update-has-microsoft-in-arms-243183
I wouldn't use these. Unsupported and untested by MS in old consumer XP SP3. :/ -- "The ant's a centaur in his dragon world. Pull down thy vanity, it is not man... Made courage, or made order, or made grace,... Pull down thy vanity, I say pull down. Learn of the green world what can be thy place... In scaled invention or true artistry,... Pull down thy vanity,... Paquin pull down! The green casque has outdone your elegance." --Ezra Pound's poem /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer.
| I wouldn't use these. Unsupported and untested by MS in old consumer XP | SP3. :/ I think M$ is saying that to try and keep people from using the workarounds. If there were any significant difference between consumer XP and the POS version, they could likely use that as a basis to cause problems with the former. I don't think anybody would argue that they aren't big enough SOBs to do something like that if they could. But I don't believe they can because differences are too insignificant. Larc
