More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista

Extended support for Vista SP2 ended on 11-Apr-2017, but Microsoft has taken the unusual step of releasing out-of-band security updates in June 2017 to patch vulnerabilities for three additional NSA-leaked exploits (EnglishmanDentist, EsteemAudit and ExplodingCan) for older operating system like Win XP and Vista.

See Woody Leonhard's 13-Jun-2017 Computerworld article There's a reason Microsoft is patching Windows XP again this month as well as the June 2017 blog entry on the Microsoft Security Response Center subtitled Microsoft releases additional updates for older platforms to protect against potential nation-state activity for additional information.

The five new security updates for Vista SP2 are listed in Tables 2 and 3 of the Microsoft Security Advisory 4025685: Guidance for Older Platforms: June 13, 2017.  These updates were not delivered via Windows Update and must be installed manually using .msu offline installers.

Download links are included in Advisory 4025685 and installers were also posted on the Microsoft Update Catalog in June 2017 at the following links:
     KB4018271 (Cumulative Security Update for Internet Explorer 9: May 9, 2017)
          http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018271 Vista
     KB4018466 (Security Update for the Windows SMB Information Disclosure Vulnerability: May 9, 2017)
          http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018466 Vista
     KB4021903 (LNK Remote Code Execution Vulnerability: June 13, 2017)
          http://www.catalog.update.microsoft.com/Search.aspx?q=KB4021903 Vista
     KB4024402 (Windows Search Vulnerabilities: June 13, 2017)
          http://www.catalog.update.microsoft.com/Search.aspx?q=KB4024402 Vista
     KB4019204 (Security Update for the Windows Win32k Information Disclosure Vulnerability: May 9, 2017)
          http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019204 Vista



Install these security updates as follows:

  1. Disable automatic Windows Updates [Windows Update | Change settings | Important updates | Never check for updates (not recommended)] and re-boot to terminate any Windows Update session currently running in the background.
  2. Download the offline .msu installers and save them to your Windows desktop.  Use the Vista x86 installer if you have a 32-bit OS; use the Vista x64 installer if you have a 64-bit OS.
  3. Double-click each .msu file on your desktop to start the installation and restart your computer when prompted after the installer is finished.

Once all missing updates are installed you can reset your automatic Windows Updates back to your preferred setting.

____________________________________________

All Vista SP2 computers that were fully patched as of 11-Apr-2017 should have received the earlier updates listed in Table 1 of the advisory.  This includes security update KB4012598 (MS17-010: Security Update for Microsoft Windows SMB Server, March 14, 2017) to protect against the EternalBlue exploit used in the recent Shadow Broker WannaCry / WannaCrypt ransomware attacks.

To confirm that KB975517 (rel. Oct 2009), KB2347290 (rel. Sep 2010) and KB4012598 (rel. Mar 2017) were installed by Windows Update go to Control Panel | Programs | Programs and Features | View Installed Updates and search for the full KB number in the search box (e.g., "KB4012598" and not a partial string like "4012598").



If you are missing any of these older updates, please note that many Vista SP2 users are currently affected by a problem where the initial "Checking for updates..." phase of Windows Update can hang for several hours (or even days) while the Windows Update Agent searches for available updates.  See the instructions posted on page 1 of m#l's thread Updates not working, it has been searching for updates for hours for a possible workaround that should help speed up Windows Update and ensure that all security updates released as of 11-Apr-2017 are also installed on your system.

------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.0 * NS v22.9.4.8 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS                                         

 

Discussion Info


Last updated December 8, 2018 Views 5,255 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 Nice to know that with all that Microsoft has to deal with that they care about security. Personally I hate to see these old operating systems not supported anymore as they contain unique learning experiences as well as memories. Thank You for the critical support and yes automatic updates installed older patches to Vista which is still running strong for me. I downloaded the newer ones today.

...and yes automatic updates installed these patches to Vista which is still running strong for me.

Hi Stephen V Coppola:

Do you mean that the five new Vista SP2 security updates that are listed in Tables 2 and 3 of the Microsoft Security Advisory 4025685: Guidance for Older Platforms: June 13, 2017 (KB4018271 / KB4018466 / KB4021903 / KB4024402 / KB4019204) were automatically delivered to your Vista SP2 computer via a Windows Update?  If so, what date were they delivered?

The security advisory states that "For customers on these older platforms, the following tables provide information to manually download applicable security updates" and I don't know of any Vista SP2 users who received these five out-of-band updates via Windows Update in June 2017.  As far as I know Vista SP2 users must download the standalone .msu installers from the Microsoft Update Catalog and install them manually.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.0 * NS v22.9.4.8 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

...and yes automatic updates installed these patches to Vista which is still running strong for me.

Hi Stephen V Coppola:

Do you mean that the five new Vista SP2 security updates that are listed in Tables 2 and 3 of the Microsoft Security Advisory 4025685: Guidance for Older Platforms: June 13, 2017 (KB4018271 / KB4018466 / KB4021903 / KB4024402 / KB4019204) were automatically delivered to your Vista SP2 computer via a Windows Update?  If so, what date were they delivered?

The security advisory states that "For customers on these older platforms, the following tables provide information to manually download applicable security updates" and I don't know of any Vista SP2 users who received these five out-of-band updates via Windows Update in June 2017.  As far as I know Vista SP2 users must download the standalone .msu installers from the Microsoft Update Catalog and install them manually.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.0 * NS v22.9.4.8 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 Actually no some of the older ones mentioned in the information were and I Thank You for bringing it to my attention that these were needed and available for download in one easy spot. Which I will apply promptly.

Hi Great White North

 

Thanks so much for this wonderful post! I have successfully installed the 5 updates.

I'm interested in the line that reads, specifically, "confirm that KB975517 (rel. Oct 2009) had been installed". I don't have that update installed, but my research also shows that it has been superseded twice. I don't have the superseded updates either. The last supersede that I can see is KB980232 from April 2010. The prior one was KB978251. I'm not finding any supersede updates on this since, but I don't have any of the 3 that I mentioned.

 

Do I simply download and install KB980232? Or are you aware of more supersede updates for KB975517?

Thanks so much!

...I'm interested in the line that reads, specifically, "confirm that KB975517 (rel. Oct 2009) had been installed". I don't have that update installed, but my research also shows that it has been superseded twice...

Hi joezapp:

I searched my installed updates at Control Panel | Programs | Programs and Features | View Installed Updates and confirmed that KB975517 was installed on my 32-bit Vista SP2 machine on 14-Oct-2009, so it's possible that your operating system was originally installed (or re-installed) after that date and never received that particular update.

I followed the supersedence chain of KB975517 as best I could in the Microsoft Update Catalog and found the following:
  - KB975517 (12-Oct-2009) is replaced by KB982214 (08-Nov-2010) and KB2536275 (13-Jun-2011)
  - KB982214 (08-Nov-2010) is replaced by KB2508429 (11-Apr-2011)
  - KB2508429 (11-Apr-2011) is replaced by KB3177186 (12-Sep-2016)
  - KB2536275 (13-Jun-2011) is replaced by KB3177186 (12-Sep-2016)

KB3177186 (MS16-114: Security Update for Windows SMBv1 Server: September 13, 2016) appears to be the last update in the supersedence chain, so search your installed updates for "KB3177186" and see if it is already installed (I confirmed KB3177186 was automatically installed on my system with my other September 2016 Patch Tuesday updates).  If not, download the correct 32-bit (x86) or 64-bit (x64) .msu installer from the following link and see if it installs successfully.

   http://www.catalog.update.microsoft.com/Search.aspx?q=KB3177186 Vista

In your case, I assume the .msu installer for the old KB975517 would simply throw a "not applicable" error since it has been superseded (replaced) by newer updates per the MS support article "The update is not applicable to your computer" error when you install Windows updates.

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.1 * NS v22.10.0.83 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

I indeed have KB3177186 installed. I therefore can consider myself fully patched!

Thanks so much, Great White North, for resolving the mystery of the KB975517 update, and for all the wonderful information that you have provided for us to keep our Vista computers operating. You are very much appreciated!

 

 I seem to have both KB975517  and  KB3177186 installed I suppose the newer patch would not uninstall the older ones? And will this affect performance in any way?  I did install the 5 newer patches described above and everything is working fine. Again Thanks for the tip and help as these security threats can cause many problems.

 I seem to have both KB975517  and  KB3177186 installed I suppose the newer patch would not uninstall the older ones? And will this affect performance in any way?

Hi Stephen V Coppola:

No, it's normal to have both those updates listed in your install updates (Control Panel | Programs | Programs and Features | View Installed Updates) if you have an older Vista SP2 machine that was built prior to November 2010.

If KB975517 was installed on your system you don't have to worry that a newer update in the supersedence chain would uninstall this update and leave your system exposed to the SMB vulnerabilities described in security bulletin MS09-050. Think of newer updates in the chain like KB2536275 or KB3177186 as "new and improved" versions that will install updated versions of some of the system files delivered with the older KB975517.  KB975517 is just the "minimum" update you need to be protected.

All these supersedence chains are checked by the Windows Update Agent when you run a Windows Update.  If you haven't run Windows Update for several months (or have a fresh reinstall of Vista SP2) the Windows Update Agent will check the supersedence chain of each update that is missing from your system and will only install the newest update in each chain to make the update process more efficient.

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.1 * NS v22.10.0.83 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 I seem to have both KB975517  and  KB3177186 installed I suppose the newer patch would not uninstall the older ones? And will this affect performance in any way?

Hi Stephen V Coppola:

No, it's normal to have both those updates listed in your install updates (Control Panel | Programs | Programs and Features | View Installed Updates) if you have an older Vista SP2 machine that was built prior to November 2010.

If KB975517 was installed on your system you don't have to worry that a newer update in the supersedence chain would uninstall this update and leave your system exposed to the SMB vulnerabilities described in security bulletin MS09-050. Think of newer updates in the chain like KB2536275 or KB3177186 as "new and improved" versions that will install updated versions of some of the system files delivered with the older KB975517.  KB975517 is just the "minimum" update you need to be protected.

All these supersedence chains are checked by the Windows Update Agent when you run a Windows Update.  If you haven't run Windows Update for several months (or have a fresh reinstall of Vista SP2) the Windows Update Agent will check the supersedence chain of each update that is missing from your system and will only install the newest update in the chain to make the update process more efficient.

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.1 * NS v22.10.0.83 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 I seem to have both KB975517  and  KB3177186 installed I suppose the newer patch would not uninstall the older ones? And will this affect performance in any way?

Hi Stephen V Coppola:

No, it's normal to have both those updates listed in your install updates (Control Panel | Programs | Programs and Features | View Installed Updates) if you have an older Vista SP2 machine that was built prior to November 2010.

If KB975517 was installed on your system you don't have to worry that a newer update in the supersedence chain would uninstall this update and leave your system exposed to the SMB vulnerabilities described in security bulletin MS09-050. Think of newer updates in the chain like KB2536275 or KB3177186 as "new and improved" versions that will install updated versions of some of the system files delivered with the older KB975517.  KB975517 is just the "minimum" update you need to be protected.

All these supersedence chains are checked by the Windows Update Agent when you run a Windows Update.  If you haven't run Windows Update for several months (or have a fresh reinstall of Vista SP2) the Windows Update Agent will check the supersedence chain of each update that is missing from your system and will only install the newest update in the chain to make the update process more efficient.

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.1 * NS v22.10.0.83 * MB Premium v3.1.2
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Okay Thanks again for all the valuable help with these issues and keeping us up to date on things.

Hi Great White North,

I successfully ran Windows Update on my Vista (SP2) 64-bit system on 10/01/17, and I think I'm fully patched.

Two (2) of the June 2017 out-of-band security updates (KB4018271 and KB4019204) were offered and installed through Windows Update.

The other three (3) out-of-band security updates (KB4018466, KB4021903, KB4024402) were NOT offered by Windows Update, nor have they been installed on my PC.

Do you think I need KB4018466, KB4021903 and KB4024402?  I downloaded them from the Microsoft Update Catalog, in case I need them, but I'm apprehensive about installing them.  Can those three (3) updates do any harm to my PC?

Thanks.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.