POSReady 2009 updates ported to Windows XP SP3 (was: Good News - May13th Updates for Windows XP)

Discussion in 'PC Hardware' started by XP Guy, May 18, 2014.

  1. XP Guy

    XP Guy Guest

    POS - Point Of Sale (ie - cash registers, bank teller consoles, etc)

    http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/

    But before you get too excited, read post #20 (and beyond) in that
    thread.

    This might not be ready for prime time - yet.

    I told you that there would be a way for these XP updates to be modded
    and leaked to the web. Every PatchTuesday this is going to happen.

    =================

    The latest Patch tuesday updates have been easily ported to a Windows XP
    virtual system - fully updated until April 2014.

    The constraints are entirely artificial. Porting is easy as 1-2-3:

    1. Modify update.inf file and remove the

    condition=CompositeOp,OrOp,Prereq.XPInstallEmbedded.Section line from
    the Prerequisite section.

    2. Use a patched update.exe version 6.3.13.0 or later to accept the
    modified update.inf file.

    3. Compress to SFX EXE file. Delta compression optional.

    I have already uploaded the files at RyanVM.net...

    So Windows XP can have semi-official support until 2019! :w00t:

    The update is applicable to Windows XP x64 SP2 if you remove the:

    Condition=AndOp,Prereq.XPAMDInstallBlock.Section

    line from the [Prerequisite] section and patch the update.exe file to
    accept the modified update.inf. Instructions can be found here:

    http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464

    The shlwapi.dll file is not an exclusive Server 2003 x64 component. In
    addition there are registry keys in the INF file specific for XP
    Professional x64:

    [ProductInstall.ProfessionalFiles]
    AddReg=Product.Add.Reg.Professional

    [Save.Reg.For.Uninstall]

    HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
    2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%

    [Product.Add.Reg.Professional]
    HKLM,SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Comments",0,%SP_TITLE_XP%
    HKLM,SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Fix
    Description",0,%SP_TITLE_XP%

    HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"RegistryLocation",0,"HKLM\SOFTWARE\Microsoft\Updates\Windows
    XP Version 2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%"

    HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"ParentDisplayName",0,"%PARENT_DISPLAY_NAME_XP%"
    HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SP_SHORT_TITLE%,"DisplayName",0,"%SP_TITLE_XP%"
    HKLM,SOFTWARE\Microsoft\Updates\Windows XP Version
    2003\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%,"Description",,%SP_TITLE_XP%

    and the relevant strings.

    All these observations indicate that the update is applicable to XP x64
    without any issues (It's not proved completely - that would require an
    analysis of the patch itself, something rather difficult and not
    required in this scenario).

    One final note: Because these updates have been deployed on a relatively
    limited number of machines (XP support has officially ended and most
    users ignore the existance of these updates) testing any of them in VM
    before deploying to real hardware is strongly recommended.

    -----------------

    With reference to this:
    http://www.microsoft.com/en-us/download/details.aspx?id=42774

    which is related to this kb:
    http://support.microsoft.com/kb/2932079

    This update resolves a vulnerability in the Microsoft .NET Framework
    that could allow elevation of privilege if an unauthenticated attacker
    sends specially crafted data to an affected workstation or server that
    has the .NET Framework Remoting feature enabled.

    it is IMHO not a patch for a vulnerability, it is a patch for generic
    stupidity.

    -----------------

    First of all, thank you *very much* harkaz, this is beyond cool! Heading
    home from work yesterday I was almost a bit giddy seeing these
    semi-official patches and thinking of all the future ones that
    could/will be coming our way through 2019!

    Let the idiots on neowin storm off in a huff! Tell them to come back in
    2019.

    For myself, I only get 1 patch out of the deal (I don't have IE or any
    version of "dontnet" installed). Hmm, I didn't think about POS not
    having IE6. Looks like we won't get any IE 6 patches unless somebody
    ports them from 2003.

    Jaclaz, I agree it's a patch for general stupidity-let's hope MS
    doesn;'t start patching for that, as we'll all need petabyte sized
    drives.

    (Seriously though, the link to the bulletin 42774 that you posted; under
    'System Requirements' it states that Windows XP is a "supported
    operating system" along with Windows Server 2003. But the title at the
    top of the page for 42774 just says Windows Server 2003.)

    Rest assured the IE6 and the IE7 patches for POSReady 2009 also exist!
    I'm sure harkaz'll release modded versions of them soon, too.

    ----------------

    The patched update.exe seems to have done the trick. The update
    installed and is actually listed in my list of updates as a "Windows XP"
    update! I guess Microsoft isn't going to let anyone on XP x64 install it
    the easy way unless they have paid support, though. I know there's a
    risk to doing this, but this isn't a mission-critical machine, anyway.
    Just a laptop I use when I'm away from the big iron, to go online and
    stuff with. If it were, I'd just update it to 7. Guess I'll just keep
    doing this once a month until July of next year. Thanks for the help!

    There is also the older WEPOS/XPe which comes with IE6 and is supported
    until I think 2016 and also uses the same patches.
     
    XP Guy, May 18, 2014
    #1
    1. Advertisements

  2. XP Guy

    darkrats Guest

    Good information. It's true, some might find it problematic installing these
    updates. I had touble because I run a Symantec product on my system. But I
    found a way around it, I think I've seen the patched updates now on 4 or 5
    different forums. There are slight differences in some of the downloads, so
    more than one person is working on them. Sad to say, I'm not one of those
    talented people. Good to know about the updates anyway. As time goes by,
    they will likely become better able to work with more system variations.
    It's exciting to me, even though it's early in the game.


     
    darkrats, May 18, 2014
    #2
    1. Advertisements

  3. XP Guy

    Tony Guest

    Updates are for sissies, the type that hide behind their mother's apron strings!



    --
    The Grandmaster of the CyberFROG

    Come get your ticket to CyberFROG city

    Nay, Art thou decideth playeth ye simpleton games. *Some* of us know proper manners

    Very few. Ya know ahh, ahhh I used to take calls from *rank* noobs but got fired the first day on the job for potty mouth,

    Bur-ring, i'll get this one: WHAT'S YOUR PROBLEM JERK!!? We're here to help you dickweed, ok, ok give the power cord the jiggily piggily
    wiggily all the while pushing the power button repeatedly now take everything out of your computer except the power supply and *one* stick
    of ram. Subscriber asks will that fuckin' work? I guaranDAMtee it. Ok get the next sucker on the phone.

    I'm not Sam Hong but we both hate Roxio. Sam Hong pulled Roxio's Dong!

    There's the employer and the employee and the FROGGER and the FROGEE, which one are you?

    Hamster isn't a newsreader it's a mistake!

    El-Gonzo Jackson FROGS both me and Chuckcar (I just got EL-FROG-OED!!)

    All hail Chuckcar the CZAR!! Or in F-R-O-Gland Chuckcar laFROG laCZAR, ChuckZar!!

    I hate them both, With useless bogus bullshit you need at least *three* fulltime jobs to afford either one of them

    I'm a fulltime text *only* man on usenet now. The rest of the world downloads the binary files not me i can't afford thousands of dollars a
    month

    VBB = Volume based billing. How many bytes can we shove down your throat and out your arse sir?

    The only "fix" for the CellPig modem is a sledgehammer.

    UBB = User based bullFROGGING

    Colonel Debeers refuses to wrestle a black man ()

    Master Juba was a black man imitating a white man imitating a black man

    Always do incremental backups of your data or you'll end up like the A To Z(Zee)-Holes at DSL Reports. Justin says i made a boo-boo. Yeah
    boo-who.

    Updates are for idiots. As long as the thing works there's no reason to turn
    schizophrenic and develop a lifelong complex over such a silly issue.

    You don't have to be "stink-bottomed" to post on this newsgroup

    AIOE put can.internet.highspeed on the banlist to give other people a chance to snag the "Furst Poast" of the day

    Anyone who disagrees with me gets FROG tape over their yapper

    Adrian "jackpot" Lewis is a mama's boy!

    Jimmy Fricke is good for the game of poker

    Using my technical prowess and computer abilities to answer questions beyond the realm of understandability

    Regards Tony... Making usenet better for everyone everyday

    This sig file was compiled via my journeys through usenet
     
    Tony, May 18, 2014
    #3
  4. XP Guy

    XP Guy Guest

    UPDATE [22/5/2014]:

    A simple registry tweak is enough for WU to show the latest POSReady
    updates on Windows XP. This method has been tested and works on any XP
    build.

    Add the following registry keys (INF Format):

    HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3"

    HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0

    HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0

    HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1

    Or use notepad to copy the following and save as .reg file and run it:

    ==========
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
    "FeaturePackVersion"="SP3"

    [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS]
    "Installed"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES]
    "Installed"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
    "Installed"=dword:00000001
    ===========

    Restart your computer, and make sure WindozeUpdate service is running.
    You will see there are updates for you to install! And your XP PC will
    continue to recieve MS patches until the year 2019.

    This is for 32-bit XP. There is a different method for 64-bit version
    of XP (by spoofing Windows 2003 server).

    This trick works because for the purposes of WindowsUpdate, it makes WU
    think you're running POS2009 (Point Of Service 2009) which is basically
    XP for cash registers and other "point-of-service" PC's. Microsoft
    provides update support for POS2009 until 2019.
     
    XP Guy, May 23, 2014
    #4
  5. XP Guy

    DK Guest

    I tested it today. I work just fine. "POSReady" updates show up
    in WU and after they get installed, the uninstall displays them
    as "Security update for Windows XP".

    The exact content of the *.inf file:
    **********************************************************************
    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Add.Settings

    [Add.Settings]
    HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3"
    HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0
    HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0
    HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1
    *********************************************************************

    This probably will not last because MS will soon realize that there is
    surprising number of cash registers connecting in from residential
    addresses :)

    DK
     
    DK, May 24, 2014
    #5
  6. XP Guy

    Todd Guest

    So M$ actually has the updates, but is withholding
    them from the general public.

    Oh well, that is what is bound to happen when
    the same folks that own the roads also sells the
    cars that run on it.

    If Linux ever takes off, it will put an end to
    this scurrilous behavior.

    Now a regular business would just sell a subscription,
    but ...
     
    Todd, May 24, 2014
    #6
  7. XP Guy

    Paul Guest

    Actually, no it won't.

    Linux is perfectly capable of
    exactly the same scurrilous behavior.

    That's why the package manager for my 7.04 copy
    of Ubuntu, doesn't do anything. The servers are
    turned off. I wanted to do a simple thing, like
    get a copy of GCC for that distro, and compile
    a package from source, and I couldn't even do that.
    The disc doesn't have enough dev tools on it,
    to bootstrap an environment in it.

    *******

    In Linux, there is a slight difference in
    how distros distribute things.

    In Gentoo, you do everything from source.
    The distro is a "rolling" distro, meaning you never
    have to reinstall the OS. The packages in the OS evolve,
    you download updates, do another "build" of the World,
    and you're up to date. This idea has rough edges,
    and I've had to abandon Gentoo installations, when I
    could no longer "move forward" or "move backward"
    because something in the source tree broke. Basically,
    to easily maintain Gentoo, you must to maintenance
    regularly (weekly). Allowing too many changes to accumulate,
    things could break and only an expert can get you
    out of it. I left my distro for around nine months,
    and when I tried to do maintenance, I was stuck.

    In such an environment, if you downloaded all the source
    (many gigabytes), you could basically do anything you
    want with it. Since you have all the source, no one
    can hold you hostage.

    Other Linux setups (like Ubuntu), are binary distros.
    They use a package manager, and you just download
    pre-compiled code to the desktop. The lifecycle policy
    on the Ubuntu web site, tells you how long the
    servers will provide packages for that version of OS.
    After that date, you can't get anything.

    Since Gentoo is a source based distro, the source is
    easy to get from a mirror site. With Ubuntu, they don't
    exactly make all the source easy to get (they don't put
    the source for all 15,000 Debian programs onto a giant
    ISO for you).

    With a binary distro, you're accepting the convenience
    of pre-compiled binaries, with the understanding
    of a strict lifecycle and cutoff date. Just like
    WinXP had.

    While POS2009 may have WinXP-like updates, it will
    only have been tested on whatever constitutes POS2009
    equipment and configurations. You could download one
    of those updates, and discover it bricks some subsystem
    on your WinXP. You don't have the assurance of as
    broad a test plan. And certainly, someone manning the
    phone line at Microsoft, for Windows Update, will tell
    you to piss off, if you approach them with a POS2009
    bug when it is applied to WinXP Desktop.

    Paul
     
    Paul, May 24, 2014
    #7
  8. XP Guy

    Todd Guest

    I am afraid you are right. Vista would have
    done the trick, but people just suffered.
    Folks are just suffering with Frankenstein
    (W8) too. No one wants to be "different".
    Getting a Windows user off of Windows is like
    trying to get q drug addict off of crack cocaine.
    That is just wishful thinking on the part of
    folks that like M$.

    You can not run as an administrator and a user at the
    same time. M$ makes it too easy.

    You would never believe the crap on Windows I stop when I
    take a user's administrator rights away.

    Also, if you have time, take a look at this (SE Linux):
    http://en.wikipedia.org/wiki/Security-Enhanced_Linux
    Just try and hack that!

    -T
     
    Todd, May 24, 2014
    #8
  9. XP Guy

    Paul Guest

    Never under-estimate the impact a user can have.

    I could pop up a window that looks like
    the Package Manager, get you to type in
    the root password when prompted, then use
    that password to do what I wanted. Phishing
    is good enough.

    When it comes to hacking things, it doesn't
    have to be elegant. It just has to work.

    Paul
     
    Paul, May 24, 2014
    #9
  10. XP Guy

    Todd Guest

    You have a point there. The bad guys are looking
    for "low hanging fruit". The user will never
    cease to provide them with bushels and bushels.

    I doubt that many of the bad guys will bother trying
    to hack a system much any more. Just to easy to
    trick the user. Just look at all the junkware the
    users fall for!

    I have clean off buckets of junkware from a computer and
    had the same kind of crap (not necessarily the same ones)
    back on their computer in a week. Yikes! The solution
    is to take away their administrator's rights, like is
    done on OSx and Linux. There is definitely a personality
    involved with junkware.

    And when they call me to ask what their
    root password is, I will shut them down.
    Uses have the damnedest time remembering their
    passwords (especially their wireless ones).

    But, you do have a point. So far they haven't
    employed this method with OSx and Linux yet.
    Here is a nice article from Security Focus on Linux
    vs Windows and viruses.

    http://www.securityfocus.com/columnists/188

    Love the tag line:
    To mess up a Linux box, you need to work at it;
    to mess up your Windows box, you just need to
    work on it.

    -T
     
    Todd, May 24, 2014
    #10
  11. Good job in my opinion...
     
    Mr. Man-wai Chang, May 24, 2014
    #11
  12. XP Guy

    XP Guy Guest

    In the psychopathic mind of Macro$haft, Windows XP-SP3 and POSReady 2009
    are two completely different products, and hence they are not
    withholding anything from XP-SP3.

    In the rational and practical mind of the rest of us, POSReady 2009 and
    XP-SP3 are the same operating system - but with different license
    agreements (which naturally is of no consequence or concern to us).

    By the way, if you had done it today (and selected "Custom" instead of
    "Express" installation), this is what you'd see:

    3 Critical updates:

    ================

    Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server
    2003
    KB2932079 - MS14-026
    http://support.microsoft.com/kb/2932079
    Download size: 1.1 MB , less than 1 minute

    A security issue has been identified in a Microsoft software product
    that could affect your system. You can help protect your system by
    installing this update from Microsoft. For a complete listing of the
    issues that are included in this update, see the associated Microsoft
    Knowledge Base article. After you install this update, you may have to
    restart your system. Details...

    ==============

    Security Update for WEPOS and POSReady 2009
    KB2926765 - MS14-027
    http://support.microsoft.com/kb/2926765
    Typical download size: 275 KB , less than 1 minute

    A security issue has been identified in a Microsoft software product
    that could affect your system. You can help protect your system by
    installing this update from Microsoft. For a complete listing of the
    issues that are included in this update, see the associated Microsoft
    Knowledge Base article. After you install this update, you may have to
    restart your system. Details...

    ==================

    Security Update for Internet Explorer 8 for WEPOS and POSReady 2009
    KB2953522 - MS14-029
    AKA Security update for Internet Explorer versions 6, 7, 8, 9, 10, and
    11: May 13, 2014
    http://support.microsoft.com/kb/2953522
    Download size: 3.2 MB , less than 1 minute

    A security issue has been identified in a Microsoft software product
    that could affect your system. You can help protect your system by
    installing this update from Microsoft. For a complete listing of the
    issues that are included in this update, see the associated Microsoft
    Knowledge Base article. After you install this update, you may have to
    restart your system. Details...

    ===================

    Now you go ahead and read those microsoft links. And if you really want
    to be so frighted about the state of your XP system less than a month
    after "official" end-of-support, you'll read these:

    http://www.pcworld.com/article/2154...ttackers-a-roadmap-to-xp-vulnerabilities.html

    http://www.zdnet.com/microsoft-patches-office-sharepoint-and-windows-leaves-xp-behind-7000029405/

    As you read them and notice the MS14-what-ever numbers they mention, go
    and glance at what updates you could be installing right now if you
    follow my instructions. Those are the same updates being offered to
    Win-7 and various other platforms - but not for XP.

    Yes, I updated an XP-SP3 system with those 3 critical updates.

    And then I selected a bunch of suggested updates (there were about a
    dozen of them). One of those was a root certificate update (dated Nov
    2013) that for some reason Micro$haft wasn't offering to me before.

    One day, maybe soon, you'll realize that yes, POSReady 2009 is XP-SP3
    with a different license agreement, and you'll be dying to get those
    updates on your systems. So you can thank me now, or thank me later.

    And no, Micro$haft will do nothing to prohibit this in the future. The
    millions of various POS systems around the world are too important to
    **** with by trying to make some change that will prevent this hack from
    working on "real" XP systems.

    Mark my words. Hear me now and believe me later.

    In the mean time you can all shout "We're not worthy!".
     
    XP Guy, May 24, 2014
    #12
  13. XP Guy

    Jon Danniken Guest

    Sure you can, just give your user administrative rights, or just log in
    as root; it's not the best idea, but you can do it.

    Jon
     
    Jon Danniken, May 24, 2014
    #13
  14. XP Guy

    Todd Guest

    Hi Jon,

    You actually have to know how to do that. Out of the
    box, you don't get those rights. You have to work at
    it. And "why". Everyone just leaves it at the default.
    And the installer harasses you for proper passwords.

    Not with Windows. You get those rights right out
    of the box. You can even have blank passwords without
    being harassed. M$ makes it too easy.

    With Linux, you have to work at it. With Windows,
    all you have to do in work on it.

    There is no excuse for how sloppy M$ is with security.

    -T
     
    Todd, May 24, 2014
    #14
  15. XP Guy

    Todd Guest

    Todd, May 27, 2014
    #15
  16. XP Guy

    casey.o Guest

    And I always thought POS meant "Piece of Shit" :)
     
    casey.o, May 27, 2014
    #16
  17. XP Guy

    Ant Guest

    I wouldn't use these. Unsupported and untested by MS in old consumer XP
    SP3. :/
    --
    "The ant's a centaur in his dragon world. Pull down thy vanity, it is
    not man... Made courage, or made order, or made grace,... Pull down thy
    vanity, I say pull down. Learn of the green world what can be thy
    place... In scaled invention or true artistry,... Pull down thy
    vanity,... Paquin pull down! The green casque has outdone your
    elegance." --Ezra Pound's poem
    /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / If crediting, then use Ant nickname and AQFL URL/link.
    ( ) If e-mailing, then axe ANT from its address if needed.
    Ant is currently not listening to any songs on this computer.
     
    Ant, May 28, 2014
    #17
  18. XP Guy

    Larc Guest

    | I wouldn't use these. Unsupported and untested by MS in old consumer XP
    | SP3. :/

    I think M$ is saying that to try and keep people from using the workarounds. If
    there were any significant difference between consumer XP and the POS version, they
    could likely use that as a basis to cause problems with the former. I don't think
    anybody would argue that they aren't big enough SOBs to do something like that if
    they could. But I don't believe they can because differences are too insignificant.

    Larc
     
    Larc, May 28, 2014
    #18
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.