Moderators mta Posted May 21, 2017 Moderators Share Posted May 21, 2017 damn, you have to love stats and how they can be reported with huge bias. that link login123 provided to Kaspersky states Windows 10 was the 3rd most effected OS, and although that is true, the supplied figures show it was 10th in the list, and at a whopping 0.03%. that could even be discarded as a simple statistical anomaly. but hey, never let the facts get in the way of a good story. Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
Noesis Posted May 21, 2017 Share Posted May 21, 2017 Yeah, tend to agree with you there MTA. Love those stats, all they do is actually take away from what they are saying, and to be honest none of it is really surprising. Like you point out windows 10 was 10th on the list but 3rd most affected perhaps it's because they broke it down a bit too much, I mean win7 32 & 64 & home 64 & win 7 home 32 are all simply win 7 (and was win 7 home 32/64 infection stats included or excluded from the other win 7 ones ??) but if they didn't break it down so much they would have only had 3 os/s in that list, Win 7, R2 2008 Server, and Win 10 (well excluding Win 10 32 bit), so yeah still 3rd. While XP, Vista & win 8/8.x don't even appear on the list. Seems to me it's kind of obvious win 7 was the worst hit, since it's got the largest usage share, and you can run it for years without updating it. Isn't it a no brainer that it would be the worst hit. It was interesting that XP would give an error as opposed to be exploited though, and It's good that MS just patched the vulnerability regardless of support status. But ultimately if one is looking to blame, you couldn't have blamed XP anyway, IMO only the NSA could be blamed, they found it and sat on it for however long (years would be my guess) and didn't report it to MS until they knew it had been "released", and that's assuming they actually did bother to report it to MS, since it isn't confirmed that they did. (oh and sure you can blame the people that made the exploit too but, I tend to think they couldn't have done it without the NSA's inadvertent help). Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted May 23, 2017 Author Moderators Share Posted May 23, 2017 ...and another XP update released http://news.softpedia.com/news/microsoft-releases-another-surprising-windows-xp-security-update-kb982316-515938.shtml Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators Andavari Posted May 23, 2017 Moderators Share Posted May 23, 2017 I got that one too Hazelnut, but it seems to be an old update they've re-released. Link to comment Share on other sites More sharing options...
trium Posted May 24, 2017 Share Posted May 24, 2017 ...and another XP update released http://news.softpedia.com/news/microsoft-releases-another-surprising-windows-xp-security-update-kb982316-515938.shtml ... only for english xp´s. german version not available on microsoft update katalog or ms download center Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
login123 Posted June 3, 2017 Share Posted June 3, 2017 Andavari and other xp users, if I may ask, do you have a file in C:\ on your xp computer called tapicust.dll? When I ran that second fix from post 28 it installed that file. No restart required. If that is an old security update, then the file should be on most xp computers. It is gone from here as I had Powershadow running when I installed it. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 4, 2017 Moderators Share Posted June 4, 2017 (edited) Nirsoft SearchMyFiles didn't find it anywhere on my system, so no the physical file doesn't exist on my system. I did however restart after that supposed "needed update", even though it never prompted to do so. RegEdit however found it listed in the registry with this information - notice the build date that it lists (June 14, 2010): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB982316] "Description"="Security Update for Windows XP (KB982316)" "InstalledDate"="5/23/2017" "InstalledBy"="YourUserNameWillBeHere" "Type"="Update" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB982316\Filelist] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB982316\Filelist\0] "FileName"="tapicust.dll" "Version"="5.1.2600.5996" "BuildDate"="Mon Jun 14 04:06:12 2010" "BuildCheckSum"="13f91" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB982316\Filelist\1] "FileName"="tapicust.dll" "Version"="5.1.2600.5996" "BuildDate"="Mon Jun 14 04:06:12 2010" "BuildCheckSum"="13f91" Edited June 4, 2017 by Andavari Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 4, 2017 Moderators Share Posted June 4, 2017 Also I didn't find it inside my Macrium Reflect disk image I had made on the same day hours before installing that update. I looked in the usual places: C:\Windows C:\WINDOWS\Driver Cache\i386 C:\Windows\System C:\Windows\System32 I noticed that file also doesn't exist inside of the sp3.cab located at: C:\WINDOWS\Driver Cache\i386\sp3.cab Link to comment Share on other sites More sharing options...
login123 Posted June 4, 2017 Share Posted June 4, 2017 Thank you. Those reg entries don't exist on this machine at this time. Didn't check before restart. The restart that would have removed them. After the installation of fix #2, but before restart, tapicust.dll was present at: C:\WINDOWS\$hf_mig$\KB982316\tapicust.dll C:\WINDOWS\$hf_mig$\KB982316\update\tapicust.dll C:\WINDOWS\$NtUninstallKB982316$\spuninst\tapicust.dll Your reg entries show the date of Hazelnut's post, "InstalledDate"="5/23/2017". I wonder why the dll is not present on your system since you did install the update? Also, if it was a 2010 update, why isn't it on this machine? Probably there is a good explanation that everybody else already knows. In any case, I guess I better reinstall that update permanently. Thing is, lately I don't trust microsoft much. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Noesis Posted June 5, 2017 Share Posted June 5, 2017 Just wondering if Andavari is using a 32-bit XP, because tapicust.dll is 32bit only (64-bit gets tapisrv.dll & wtapisrv.dll instead). As per the update notes: https://support.microsoft.com/en-us/help/982316/an-update-is-available-for-the-windows-telephony-application-programming-interface-tapi Link to comment Share on other sites More sharing options...
login123 Posted June 5, 2017 Share Posted June 5, 2017 Think so, not sure. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 5, 2017 Moderators Share Posted June 5, 2017 C:\WINDOWS\$hf_mig$\KB982316\tapicust.dll C:\WINDOWS\$hf_mig$\KB982316\update\tapicust.dll C:\WINDOWS\$NtUninstallKB982316$\spuninst\tapicust.dll Your reg entries show the date of Hazelnut's post, "InstalledDate"="5/23/2017". I wonder why the dll is not present on your system since you did install the update? I did install it again, but it was done in about 1 second as if it skipped the update since it was already installed all those years ago. Also the reason that dll isn't present on my system is because my batch file cleaner has code in it to delete $hf_mig$ and those $NtUninstallKB* folders - being as XP was never intended to get any more updates from Microsoft. Link to comment Share on other sites More sharing options...
login123 Posted June 6, 2017 Share Posted June 6, 2017 OK, thanks, I understand. Still seems like the dll itself should be somewhere in your windows. ?? I'm going to install that update permanently. Will report back if that dll winds up somewhere in windows. Will be a day or two. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 6, 2017 Moderators Share Posted June 6, 2017 If the only place you're finding it on your system is in the folders for $hf_mig$ and $NtUninstallKB982316$, that's why it wouldn't be on mine since my batch cleaner automatically removes those folders.That first update they released to protect against that ransomware virus was the one I tracked the installation of, being that it was new and I was waiting for a new update to screw something up just like in years past with so many botched updates. I however didn't bother tracking the installation of that old re-released update since it was already installed. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted June 14, 2017 Author Moderators Share Posted June 14, 2017 Microsoft have released 3 more updates for XP this month apparently to protect against 'EnglishmanDentist, EsteemAudit, and ExplodingCan' https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms More info here http://www.computerworld.com/article/3200765/windows-pcs/theres-a-reason-microsoft-is-patching-windows-xp-again-this-month.html Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
trium Posted June 14, 2017 Share Posted June 14, 2017 what 3? all 3 from... Older platforms table 3 of 3? Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 14, 2017 Share Posted June 14, 2017 kb4024323 kb4024402 and kb4025218? Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 14, 2017 Moderators Share Posted June 14, 2017 More info here http://www.computerworld.com/article/3200765/windows-pcs/theres-a-reason-microsoft-is-patching-windows-xp-again-this-month.html That article states "you can get them through Windows Updates", although they weren't listed as available on my XP system, and Automatic Updates doesn't list them either. And like Trium stated what 3 updates? That Microsoft page is confusing the way they have it layed out which was why I instead tried to get them via Windows Updates ("Microsoft Updates") and Automatic Updates but as I mentioned they weren't available. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 14, 2017 Moderators Share Posted June 14, 2017 Did some digging: KB958644 is an old one they're supposedly re-releasing but why? It's dated 10/22/2008 (22 October 2008):I don't need it as it's already installed when I did a search with RegEdit, it's for netapi32.dll located in C:\Windows\System32:https://www.microsoft.com/en-us/download/details.aspx?id=3205KB2347290 results into a broken error page - but it's for an old 2010 or 2011 patch for the print spooler:http://www.catalog.update.microsoft.com/Search.aspx?q=KB2347290%20windows%20xpKB4012598 is new as of 5/15/2017 (15 May 2017):When I checked it is NOT available via Automatic Updates / Microsoft Updates / Windows Updates:https://www.microsoft.com/en-us/download/details.aspx?id=55245KB4012583 is new as of 6/13/2017 (14 June 2017):When I checked it is NOT available via Automatic Updates / Microsoft Updates / Windows Updates:https://www.microsoft.com/en-us/download/details.aspx?id=55460I wonder whey they're re-releasing very old patches like the last one which was a telephony patch that any XP system would already have applied because it was when they supported the OS with updates. The old re-releases doesn't help but instead makes it confusing. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted June 14, 2017 Author Moderators Share Posted June 14, 2017 I think it is these 3 https://www.microsoft.com/en-us/download/details.aspx?id=55465 https://www.microsoft.com/en-us/download/details.aspx?id=55425 https://www.microsoft.com/en-us/download/details.aspx?id=55460 Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
trium Posted June 14, 2017 Share Posted June 14, 2017 ...so i have downloaded and installed all updates for xp sp3 because nothing of this were available with manually windows update or online on the windows update site especially for xp and i have yet nothing of this updates on my xp. older platforms 1 of 3 WindowsXP-KB958644-x86-DEU.exeVeröffentlichungsdatum:22.10.2008File Size:641 KBKB-Artikel: KB958644Sicherheitsbulletins:MS08-067Server service can allow remote code executionWhen an affected system receives a specially crafted RPC requestOn systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 ______________________________________ Sicherheitsupdate für Windows XP (KB2347290)Letzte Änderung: 13.09.2010Größe: 511 KBMSRC-Nummer: MS10-061MSRC-Sicherheit: CriticalKB-Artikelnummern: 2347290Weitere Informationen:http://go.microsoft.com/fwlink/?LinkId=200505Support-URL:http://support.microsoft.comPrinter queue service can allow remote code executionWhen an attacker sends a specially crafted print requestMitigating Factors- On any of the currently supported Windows operating systems, printers are shared by default.- Systems are only vulnerable to remote access when a printer is shared and the remote accesser can access the printer share.- By using best practices for the firewall and standardized firewall configurations, networks can be protected from remote attacks from outside the organization. A proven method is to open a minimal number of ports for systems that are connected to the Internet.Block the ports used for RPC on the firewall- The UDP ports 135, 137, 138, and 445, as well as the TCP ports 135, 139, 445, and 593.- The unwanted incoming traffic with ports> 1024.- All other specially configured RPC ports.Multiple Windows services use the affected ports. By blocking the connection to the ports, different applications or services may stop working. Some of the potentially affected applications and services are listed below- Applications using SMB (CIFS)- Applications that use maillots or named pipes (RPC over SMB)- Server (file and printer sharing)- group Policy- registration service- Distributed File System (DFS)- Terminal Server licensing- print queue- computer browser- Remote Procedure Call Locator- Fax service- Indexing service- Performance logs and warning messages- Systems Management Server- License Logging ____________________________________ WindowsXP-KB4012583-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:1.5 MBKB-Artikel: KB4012583Sicherheitsbulletins:MS17-013Microsoft graphics componentIn Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft SilverlightWhen a user visits a specially designed website or opens a specially designed document. This may have less impact for users with fewer system privileges than for users who work with administrative rights ____________________________________WindowsXP-KB4012598-x86-Custom-DEU.exeVeröffentlichungsdatum:15.05.2017File Size:673 KBKB-Artikel: KB4012598Sicherheitsbulletins:MS17-010Microsoft Windows SMB ServerWhen an attacker sends a series of specially designed messages to a affected Windows SMBv1 server Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 14, 2017 Share Posted June 14, 2017 older platforms table 2 of 3 WindowsXP-KB3197835-x86-Custom-DEU.exe -> CVE-2017-7269 [EXPLODINGCAN]Veröffentlichungsdatum:13.06.2017File Size:613 KBKB-Artikel: KB3197835Sicherheitsbulletins:MS16-143WebDAV remote code executionexists in IIS when WebDAV improperly handles objects in memory ______________________________________ Kumulatives Sicherheitsupdate für Internet Explorer 8 unter Windows XP SP3 (KB4018271)IE8-WindowsXP-KB4018271-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:10.5 MBKB-Artikel: KB4018271when Internet Explorer improperly accesses objects in memory ____________________________________ WindowsXP-KB4018466-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:673 KBKB-Artikel: KB4018466Windows SMB Information Disclosurethat the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests ____________________________________ WindowsXP-KB4022747-x86-Custom-DEU.exe -> CVE-2017-0176 [ESTEEMAUDIT]Veröffentlichungsdatum:13.06.2017File Size:551 KB KB-Artikel: KB4022747in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled ____________________________________ WindowsXP-KB4024323-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:855 KBKB-Artikel: KB4024323Windows RPC remote code executionexists in RPC if the server has Routing and Remote Access enabled Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 14, 2017 Share Posted June 14, 2017 older platforms table 3 of 3 WindowsXP-KB4019204-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:1.4 MBKB-Artikel: KB4019204Win32k Elevation of Privilegewhen the Windows kernel-mode driver fails to properly handle objects in memory ____________________________________ WindowsXP-KB4024402-x86-Custom-DEU.exeVeröffentlichungsdatum:13.06.2017File Size:1.0 MBKB-Artikel: KB4024402 ____________________________________ WindowsXP-KB4025218-x86-Custom-DEU.exe -> CVE-2017-8487 [ENGLISHMANSDENTIST]Veröffentlichungsdatum:13.06.2017File Size:526 KBKB-Artikel: KB4025218olecnv32.dll remote code execution Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted June 15, 2017 Author Moderators Share Posted June 15, 2017 The only 3 that I will be installing are the ones I linked to in post #45 of this thread. KB4022747 KB3197835 KB4012583 You can download and install them from the Microsoft Update Catalogue. EDIT.. Actually here is a much better list of the XP updates https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-windows-xp-security-updates-for-previously-ignored-nsa-hacking-tools/ Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 15, 2017 Moderators Share Posted June 15, 2017 (edited) That KB4012598 is to protect against WannaCrypt ransomware yet the resulting download page unlike the original when it was first released doesn't even mention it's to protect against WannaCrypt. Microsoft is making things unnecessarily confusing in my opinion, that WannaCrypt patch has matching SHA-256 hashes but they've changed the filename: Original: KB4012598-x86-WindowsXPSP3.exe Now: WindowsXP-KB4012598-x86-Custom-ENU.exe That explains why it wouldn't install again on my system, when I ran the new installer name without realizing it was the same patch for WannaCrypt it finished in about 1 second - doing nothing. Edited June 15, 2017 by Andavari Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now