@rem Apply Windows XP Service Pack 3 and all critical post-SP3 hotfixes @rem Copyright (c) 2003-2008, Ross Smith. All rights reserved. :: ChangeLog: :: Added jun-sep releases @rem $Id$ @if "%debug%" == "" echo off @if not "%debug%" == "" echo on :: the relative directory containing the SP3 and all hotfixes :: do not include trailing backslash :: if left blank, the current directory will be used set hotfixdir=. :: options for hotfixes set options=/passive /norestart if not "%1" == "" ( set hotfixdir=%1 ) verify other 2>nul setlocal enableextensions setlocal enabledelayedexpansion if exist "%hotfixdir%" goto hotfix_ok :get_hotfix echo. echo Enter the directory path to contain Service Pack 3 and the hotfixes set REPLY= set /p REPLY=or press [Enter] for '%hotfixdir%' or enter Q to quit : if /i "%reply%" == "Q" goto :eof if not exist "%reply%\" ( echo. echo The directory '%reply%' does not exist echo. goto get_hotfix ) set hotfixdir=%reply% :hotfix_ok echo Please save all files in the directory '%hotfixdir%' if not "%DOWNLOADER%" == "" goto start_downloads wget --version >nul 2>nul if not errorlevel 9009 ( set DOWNLOADER=wget -nd -N goto start_downloads ) curl --version >nul 2>nul if not errorlevel 9009 ( set DOWNLOADER=curl -k -L -O -R goto start_downloads ) set DOWNLOADER=start /D"%hotfixdir%" /wait /b :start_downloads :: jul 08: none :: aug 08: del /f *KB950759* >nul 2>nul :: sep 08: none ::::::::::::::::::::::: :: jun 08: :: SP2: replaces none :: SP3: replaces none :: MS08-030 – Critical :: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) call :download http://download.microsoft.com/download/a/6/5/a65308a2-7ede-4219-981a-20feb38bfd0e/WindowsXP-KB951376-v2-x86-ENU.exe :: SP2: replaces MS08-024 :: SP3: replaces none :: MS08-031 - Critical :: Cumulative Security Update for Internet Explorer (950759) :: replaced by MS08-45 :: call :download http://download.microsoft.com/download/2/2/5/2255ad65-47ba-44f1-9e88-feba8f019c55/WindowsXP-KB950759-x86-ENU.exe :: SP2: replaces MS08-023 :: SP3: replaces none :: MS08-032 - Moderate :: Cumulative Security Update of ActiveX Kill Bits (950760) call :download http://download.microsoft.com/download/c/6/e/c6e4b3e0-0af6-4ac8-92f7-5f7e8d471fb2/WindowsXP-KB950760-x86-ENU.exe :: SP2: replaces MS07-064 :: SP3: replaces none :: MS08-033 – Critical :: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) call :download http://download.microsoft.com/download/3/1/5/315c86ba-2910-47f0-9f02-b5616511536d/WindowsXP-KB951698-x86-ENU.exe :: SP2: replaces MS08-003 :: SP3: replaces none :: MS08-035 – Important :: Vulnerability in Active Directory Could Allow Denial of Service (953235) call :download http://download.microsoft.com/download/5/f/a/5fa7006d-023f-496f-9c85-796fb82dfd16/WindowsXP-KB949269-x86-ENU.exe :: SP2: replaces MS06-052 :: SP3: replaces none :: MS08-036 – Important :: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) call :download http://download.microsoft.com/download/1/4/3/1438b520-8200-466d-9daf-4de18bd4dc0f/WindowsXP-KB950762-x86-ENU.exe :: jul 08: :: SP2: replaces MS06-064, MS08-001 :: SP3: replaces none :: MS08-037 – Important :: Vulnerabilities in DNS Could Allow Spoofing (953230) call :download http://download.microsoft.com/download/f/5/f/f5f31962-0215-44e6-be41-02818b4373f3/WindowsXP-KB951748-x86-ENU.exe :: aug 08: :: SP2: replaces MS08-031 :: SP3: replaces MS08-031 :: MS08-045 - Critical :: Cumulative Security Update for Internet Explorer (953838) call :download http://download.microsoft.com/download/3/9/3/3933471e-a08e-4640-8980-d3d3eb5b3c34/WindowsXP-KB953838-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-046 – Critical :: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) call :download http://download.microsoft.com/download/a/1/9/a19c9aff-bd94-4fc1-98ff-db432358f902/WindowsXP-KB952954-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-048 - Important :: Security Update for Outlook Express and Windows Mail (951066) call :download http://download.microsoft.com/download/3/a/f/3afd84f3-729c-4f54-9d38-e77c5112ae0d/WindowsXP-KB951066-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-049 – Important :: Vulnerabilities in Event System Could Allow Remote Code Execution (950974) call :download http://download.microsoft.com/download/5/d/d/5dd0ab05-b357-4175-bd93-894903f07579/WindowsXP-KB950974-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-050 – Important :: Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) call :download http://download.microsoft.com/download/4/d/8/4d84fd95-9124-461a-95eb-6b5908b6fe62/WindowsXP-KB946648-x86-ENU.exe :: sep 08: :: SP2: replaces none :: SP3: replaces none :: MS08-052 - Critical :: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) call :download http://download.microsoft.com/download/7/8/1/78141dc7-3b1d-42f3-9aa2-4dca79ad739b/WindowsXP-KB938464-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-053 - Critical :: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) call :download http://download.microsoft.com/download/2/b/2/2b252ed6-39fe-423d-a74e-d48c85d24c2a/WindowsMedia9-KB954156-x86-ENU.exe :: SP2: replaces none :: SP3: replaces none :: MS08-054 - Critical :: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) call :download http://download.microsoft.com/download/b/6/6/b662a844-9aa2-4b80-8713-27a6c0da16d8/WindowsMedia11-KB954154-x86-ENU.exe set fixes_applied= if not exist %SystemRoot%\system32\xpsp3res.dll ( :: http://support.microsoft.com/kb/936929 : Windows XP Service Pack 3 call :download http://download.microsoft.com/download/d/3/0/d30e32d8-418a-469d-b600-f32ce3edf42d/WindowsXP-KB936929-SP3-x86-ENU.exe set KB936929=!rv! if not exist !KB936929! ( echo File not found: '!KB936929!' goto :eof ) echo Integrating !KB936929!... start "Integrating !KB936929!..." /wait "%hotfixdir%\!KB936929!" %options% set e=%errorlevel% if errorlevel 1 ( echo !KB936929! returned error %e% goto :eof ) set fixes_applied=!fixes_applied! KB936929 ) set XPSP3_REG=%temp%\xpsp3.reg copy /y nul "%XPSP3_REG%" regedit /e "%XPSP3_REG%" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates" :: ignore errors, per http://smithii.com/slipstream_xpsp3#comment-287 :: set e=%errorlevel% :: :: if not exist "%XPSP3_REG%" ( :: echo Can't export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates" to :: echo "%XPSP3_REG%" :: echo regedit returned error %e% :: goto :eof :: ) for %%a in ("%hotfixdir%"\Windows*.exe) do ( for /f "delims=- tokens=2" %%b in ("%%a") do ( set kb=%%b ) if /i not "!kb!" == "KB936929" ( find "!kb!" "%XPSP3_REG%" >NUL 2>NUL if errorlevel 1 ( echo Integrating %%a... start "Integrating %%a..." /wait "%hotfixdir%\%%a" %options% set e=%errorlevel% :: 3010 = reboot required if not "!e!" == "3010" ( if errorlevel 1 ( echo %%a returned error %e% goto :eof ) ) set fixes_applied=!fixes_applied! !kb! ) ) ) del /f "%XPSP3_REG%" echo. if "%fixes_applied%" == "" ( echo All fixes have already been applied to %SystemRoot% ) else ( echo The following fixes have been applied to %SystemRoot%: echo %fixes_applied% set /p REPLY=Do you want to reboot now [Y,N] ? if /i "%reply%" == "y" ( shutdown -r -t 20 -c "Applied hotfixes %fixes_applied%" ) ) echo. goto :eof :download for /f "delims=/ tokens=8" %%a in ("%1") do set exe=%%a set rv=%exe% if "%rv%" == "" ( echo Unable to parse the filename from "%1" goto :eof ) if exist "%hotfixdir%\%rv%" goto :eof %DOWNLOADER% %1 :loop if "%debug%" == "" cls echo.|time|find "current" echo Waiting for "%hotfixdir%\%rv%" to appear echo or press [Ctrl]-[Break] to abort... ping -w 1000 -n 2 127.0.0.1 >nul 2>nul if not exist "%hotfixdir%\%rv%" goto :loop cacls "%hotfixdir%\%rv%" /T /E /C /G "%USERNAME%":F goto :eof