Security

Enabling Network Level Authentication(NLA) on Remote Desktop Connection version 7 on XP

0

By default NLA isn’t enabled on XP, so if you try connecting to a remote server that has it enable you will get an error saying that you don’t have NLA support. The issue here is with Credential Security Service Provider (CredSSP) in Windows XP, it’s easy to fix, first make sure if you have Remote Desktop Connection 7 by verifying in the about box:

If you don’t you can Download and install the following update KB969084. Alright, first go to the Registry editor by typing regedit in the run box(How to open the run box the easiest way in by pressing the Windows Key + R)

We will change two registry keys, first navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and modify the key named Security Packages.
Add ‘tspkg’ to the listing of security packages. Do not remove any packages.


Click OK and now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders. Modify the key named SecurityProviders
Add ‘credssp.dll’ to the listing of Security Providers.


Click OK and close the editor. Now you will be able to connect to remote servers/computer that have NLA support enabled.

Getting AES 256-Bit, TLS 1.2 support and disabling insecure ciphers under Windows XP

0

Windows XP lacked any modern cipher support in his heyday. With the POSReady 2009 trick you can get AES 256-Bit, TLS 1.2 support. I will show how to get them. First make sure you have the POSReady trick so you would be able to install them, next download the following updates in order:
AES 256-Bit support(KB3081320)
Update for WES09 and POSReady 2009(KB4019276)
Cumulative Update for Internet Explorer 8(KB4316682)
Update for WinHTTP to add TLS 1.2 support(KB4467770)
Install them all in order, then apply the registry file to enable TLS 1.2 and reboot. Now you can check at the Internet Options and you will see TLS 1.2 and TLS 1.1 in the list.

And Internet Explorer 8 will show that the cipher strength is now 256-Bit.

And howsmyssl.com reports that we do indeed have TLS 1.2 support and no insecure ciphers and we’re no longer vulnerable to the BEAST Vulnerability that affected TLS 1.0.


This doesn’t fully fix the issue with Chromium browsers that use XP’s schannel.dll because SNI or ECC support is not available on XP and you can get ERR_SSL_VERSION_OR_CIPHER_MISMATCH sometimes.

How to fully update Windows XP 32-bit until 2019

0

I often hear questions from people asking “How do i make Windows Update working on XP?, I cannot update XP help!, Unable to access Windows Update under XP,” etc, etc. I have a perfect solution for this. First if your install is fresh and your offline download the following needed files:

Windows Genuine Advantage Validation v1.9.42.0(KB892130)
Permanent copy of the Package Installer for Windows (KB898461)
Windows Installer 4.5 (KB942288)
The Dec 2013 Security Update for Windows Internet Explorer 6
Windows Update agent 7.6 x86
You will have to install all of them in this order. Unfortunately the default settings in Windows XP have SSL2 turned on, which won’t allow Windows Update use TLS. It is also recommended to turn off SSL3.0 as it is considered insecure.
To change this, click Start, Windows Key, then Run, type or copy/paste inetcpl.cpl into the textbox and click OK.

Go to the Advanced tab, scroll down to the bottom of the list, uncheck Use SSL 2.0, Use SSL 3.0 and verify that Use TLS 1.0 is checked. Then click OK.

Don’t forget to disable Automatic updates as they aren’t needed right now

Now Windows Update is working. If you have other Microsoft Products for example Microsoft Office click “Get Microsoft Update today!”

Click “Custom” instead of “Express”. If you receive this message click Yes

Now after it searched for updates, scroll down and find KB2934207, uncheck it and hide it. It’s not needed at all. Go to Software. Optional and check everything that is marked in the image below

The other ones not marked are optional. If you want them, select them too. Now that go to “Install Updates (xxx)”
And click “Install Updates”

Based on how your internet is fast it will download updates and install them. If this comes up, click “Next”

Accept the license agreement.

Wait a few seconds or minutes until it installs. After installing uncheck “Show me some of many benefits of using genuine software when I click Finish(Online)”

After updates installed reboot the computer and go back to Windows Update again. Install “Microsoft .NET 4 Client profile”. When that’s done reboot if asked and go back to Windows Update ONCE again and install all the left updates. Please note it can take hours to install .NET Framework updates depending on your computer’s and Internet speed. After you installed all of them it’s time for POSReady 2009 updates! First, before making the registry change below, you should download and install Microsoft’s updated Windows Installer 4.5 (KB942288-v3) from THIS LINK for Windows XP 32-bit, which is what we assume you have.  (The MS article that explains this updated installer is HERE.) Make sure”Windows…” line and has two blank lines after the line that ends in “00000001”
Rename the file POSReady.txt to POSReady.reg, right-click on it, select “Merge”, then “Yes”.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Install KB4316682 and follow this link to get TLS 1.2 support so Windows Update will work after applying the trick. Go back to Windows Update once again and install all left updates, again this may take a while depending on your computer or internet speed. That’s it! You have successfully update to Windows XP until the offcial, (un)offcial support ended.
This post is valid until June 19, 2019 . After that date it may no longer work

Microsoft releases new Windows XP/Server 2003/x64 updates!

1

On May 14, 2019 Microsoft released one new security update for XP/Server 2003 to patch”a critical remote code execution vulnerability”KB4500331 It’s the first ever official update for them(without any tweaks/tricks) since 2017! This is like Wanna-cry but without any damage yet! You can read more about it. From the article:
Given the potential impact to customers and their businesses, we made the decision to make security updates available for platforms that are no longer in mainstream support (see download links in the following table). These updates are available from the Microsoft Update Catalog only. We recommend that customers running one of these operating systems download and install the update as soon as possible
So yeah, one more update to the XP update basket.

Windows Update is shutting down for NT5.x on July 19,2019: What now?

0

Recently while reading the news i saw this:

“It is understood that users will have until 19 July 2019 to apply the last updates, before the whole update system is switched off, not least of all because it doesn’t meet modern Windows Update security criteria”
From here.

It means that anyone wanting to update their NT5.x based systems won’t be able to because they will have shutdown the update servers. It’s going to be harder to update them because of this. Back in 2009 Microsoft decided to shutdown the update servers for Windows 95 and in 2011 for Windows 98 and Millennium Edition. My guess about 98/Me servers shutdown is because that same year Office XP support ended, and since it was the last Office version to run on those OSes. Same situation for Windows 95. Office 2000 support ended in 2009 so yeah makes sense. Although it doesn’t makes sense on shutting down the XP/Server 2003 update servers since Office 2010(last version to run on them) is still supported until October 13, 2020. Since i told about this at MSFN, XP users have started making backups encase they delete the updates from the Catalog. Soon we might expect an (un)official service pack that contains all updates in all languages.

While Microsoft ended support for POSReady 2009, they left broken updates!

0

April 9th was the day when the last version of Windows XP support ended. Yes it’s really sad for all of us XP users, but wait! They ended support with a broken update KB4494528! This update resolves an issue when “You receive an Error 1309 message when you install an .msi file on Windows Embedded POSReady 2009”
Quote by Heinoganda:

Since KB2918614 from August 11, 2014, the update deleted various entries in the installation file (update_SP3QFE.inf). These have led to the problem of not recognizing the existing MSI version and to the current problem of unregistered msi.dll.
The following entries are missing in the file update_SP3QFE.inf: 

[Prerequisite]
condition=CompositeOp,AndOp,MsiPrereq.Section

[ProcessesToRun]
“%systemroot%\system32\spupdsvc.exe /install”

[ProcessesToRunBeforeUninstall]
%systemroot%\system32\spupdsvc.exe /install
“%windir%\system32\regsvr32.exe /s /u %windir%\system32\msi.dll”

[ProcessesToRunAfterUninstallReboot.RebootNotRequired]
“%windir%\system32\regsvr32.exe /s %windir%\system32\msi.dll”

[ProcessesToRunAfterReboot.RebootNotRequired]
“%windir%\system32\regsvr32.exe /s %windir%\system32\msi.dll”

[Msidll.Present.Section]
PresentOp=CheckFilever,system32.Files,msi.dll

[Msidll.AndOp.Section]
GreatOrEqualOp=CheckFilever,system32.Files,msi.dll,”>=”,4.5.6001.22159
LessOrEqualOp=CheckFilever,system32.Files,msi.dll,”<=",4.5.6002.24556 [MsiPrereq.Section] SingleOp=Msidll.Present.Section AndOp=Msidll.AndOp.Section Display_String="This fix only installs over MSI 4.5"

The file spupdsvc.exe is also missing in KB4494528.

The easiest way to fix this is by registering the following 3 files:
Click Windows Key Start, then Run, type or copy/paste cmd into the textbox and click OK or Enter.

copy and paste the following code to the Command Prompt

regsvr32 MSI.DLL
regsvr32 MSIHND.DLL
regsvr32 MSISIP.DLL

This fix was made by roytam1, so credit to him 🙂
Make sure to right click and then paste:

You’re all done! 😉
About Office 2010. They made 1 broken update that prevents Office from running on Windows XP,KB4462223. This have been an issue since November and they never fixed it, rather let’s say they released another update that does the same issue as the previous one did. For example:

EDIT: I have recently made an easy fix for this solution. backup your working MSO.DLL from C:\Program Files\Common Files\OFFICE14. After you’ve done it, install the broken update. If you successfully installed it go back to the folder where MSO.DLL is located and place your backed one in it. Confirm to override the broken one and office should be working again!

It’s really sad that Windows XP support has ended FOR REAL this time 🙁 We hope there will be (Un)official updates that will fix MS’s left mess 🙂

How to update Root certificates under Windows XP

0

Since circa 2014 Microsoft broke the Root certificate updating on XP. But with a simple fan-made program you can update them! Thanks toHeinoganda for making it.Firstdownload the updater and extract it. After you downloaded it we only need “Cert_Updater_v1.6.exe” in this case. Run it and click “Yes” on the dialog box that comes up:

After you wait until it download the latest Roots until you get this window:

Your all done, the latest certificates have now been installed 🙂

Go to Top