DeutschEspañolFrançaisItalianoNederlandsPortuguêsΕλληνικάРусскийالعربية中文(简体)中文(繁體)日本語한국어
 
Donate Bitcoins
Google
 
www smithii.com
 

Automatically Slipstream Windows XP with SP2 and All Post-SP2 Security Hotfixes with a Single Command (Updated 03-May-09)

For information about slipstreaming Windows XP SP3, visit http://smithii.com/slipstream_xpsp3.

I've written the batch file xpsp2.cmd (updated 03-May-09) to automatically download and slipstream a standard Windows XP boot disk with Service Pack 2 and all post-SP2 security hotfixes.

It uses wget or curl (if either are found in the PATH), or your installed browser to download the updates. I have tested this with Internet Explorer, Firefox, and Opera. Other browsers should work, as well.

The batch file xpsp2local.cmd (updated 03-May-09) will update the copy of Windows XP that is installed on the computer you run the command on. You may wish to do this, if you do not have, or want, the machine you want to hotfix connected to the internet, or if you are unable to run Windows Update for some reason (for example, if Internet Explorer isn't installed, or doesn't work properly, due to a virus or similar mishap).

To slipstream the hotfixes, and burn the slipstreamed disk, I've created the makefile xpsp2.mak (updated 03-May-09). Details on usage below.

Microsoft XML Core Services Hotfixes

For Microsoft XML Core Services, run msxml_hotfixes.cmd (updated 24-Aug-07) to install the latest hotfixes locally.

Microsoft Office 2003 SP2 and Hotfixes

For Office 2003, run office_2003_hotfixes.cmd (updated 25-Aug-07) to install Service Pack 2, and all post-SP2 hotfixes locally.

The xpsp2* scripts listed above include the following security updates found at http://www.microsoft.com/technet/security/current.aspx:


Apr 09:

MS09-010 - Critical
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
KB923561
SP2: replaces none
SP3: replaces none

MS09-013 - Critical
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
SP2: replaces none
SP3: replaces none

MS09-011 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
SP2: replaces MS08-033
SP3: replaces MS08-033

MS09-014 - Critical
Cumulative Security Update for Internet Explorer (963027)
SP2: replaces MS08-073, MS08-078
SP3: replaces MS08-073, MS08-078

MS09-012 - Important
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
SP2: replaces MS07-022, MS08-002, MS08-064
SP3: replaces MS08-064

MS09-015 – Moderate
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
SP2: replaces MS07-035
SP2: replaces MS07-035

Mar 09:

MS09-006 – Critical
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
SP2: replaces MS08-061
SP3: replaces MS08-061

MS09-007 - Important
Vulnerability in SChannel Could Allow Spoofing (960225)
SP2: replaces MS07-031
SP3: replaces none

Feb 09:

Jan 09:

MS09-001 – Critical
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
SP2: replaces MS08-063
SP3: replaces MS08-063

Dec 08:

MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
SP2: replaces MS08-021
SP3: replaces none

MS08-073 - Critical
Cumulative Security Update for Internet Explorer (958215)
SP2: replaces MS08-058
SP3: replaces MS08-058

MS08-076 – Important
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
SP2: replaces none
SP3: replaces none

MS08-078 - Critical
Security Update for Internet Explorer (960714)
SP2: replaces none
SP3: replaces none

Nov 08:

MS08-068 | Important
Vulnerability in SMB Could Allow Remote Code Execution (957097)
SP2: replaces MS05-011
SP3: replaces none

MS08-069 | Critical
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
SP2: replaces MS06-042
SP3: replaces none

Oct 08:

MS08-058 - Critical
Cumulative Security Update for Internet Explorer (956390)
SP2: replaces MS08-045
SP3: replaces MS08-045

MS08-061 – Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
SP2: replaces MS08-025
SP3: replaces none

MS08-062 - Important
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
SP2: replaces none
SP3: replaces none

MS08-063 – Important
Vulnerability in SMB Could Allow Remote Code Execution (957095)
SP2: replaces MS06-063
SP3: replaces none

MS08-064 – Important
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
SP2: replaces MS07-022
SP3: replaces none

MS08-066 – Important
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
SP2: replaces none
SP3: replaces none

MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
SP2: replaces MS06-040
SP3: replaces none

Sep 08:

MS08-052 - Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
SP2: replaces none
SP3: replaces none

MS08-053 - Critical
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
SP2: replaces none
SP3: replaces none

MS08-054 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
SP2: replaces none
SP3: replaces none

Aug 08:

MS08-045 - Critical
Cumulative Security Update for Internet Explorer (953838)
SP2: replaces MS08-031
SP3: replaces MS08-031

MS08-046 - Critical
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
SP2: replaces none
SP3: replaces none

MS08-048 - Important
Security Update for Outlook Express and Windows Mail (951066)
SP2: replaces none
SP3: replaces none

MS08-049 - Important
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
SP2: replaces none
SP3: replaces none

MS08-050 - Important
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
SP2: replaces none
SP3: replaces none

Jul 08:

MS08-037 - Important
Vulnerabilities in DNS Could Allow Spoofing (953230)
SP2: replaces MS06-064, MS08-001
SP3: replaces none

Jun 08:

MS08-030 - Critical
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
SP2: replaces none
SP3: replaces none

MS08-031 - Critical
Cumulative Security Update for Internet Explorer (950759)
SP2: replaces MS08-024
SP3: replaces none
replaced by MS08-45

MS08-032 - Moderate
Cumulative Security Update of ActiveX Kill Bits (950760)
SP2: replaces MS08-023
SP3: replaces none

MS08-033 - Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
SP2: replaces MS07-064
SP3: replaces none

MS08-035 - Important
Vulnerability in Active Directory Could Allow Denial of Service (953235)
SP2: replaces MS08-003
SP3: replaces none

MS08-036 - Important
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
SP2: replaces MS06-052
SP3: replaces none
  1. KB941693: MS08-025: Vulnerability in Windows Kernel Could Allow Elevation of Privilege Release 08-Apr-08 (Important)
  2. KB944338: MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution Release 08-Apr-08 (Critical)
  3. KB948590: MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution Release 08-Apr-08 (Critical)
  4. KB945553: MS08-020: Vulnerability in DNS Client Could Allow Spoofing Release 08-Apr-08 (Important)
  5. <!-- Feb, 2008: http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx -->

  6. KB947890: MS08-008: Vulnerability in OLE Automation Could Allow Remote Code Execution Released 12-Feb-08 (Critical)
  7. KB946026: MS08-007: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution Released 12-Feb-08 (Critical)
  8. KB942830: MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution Released 12-Feb-08 (Important)
  9. KB942831: MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege Released 12-Feb-08 (Important)
  10. <!-- Jan, 2008: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx -->

  11. KB943485: MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege Released 08-Jan-08 (Important)
  12. <!-- Dec, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx -->

  13. KB941569: MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution Released 11-Dec-07 (Critical)
  14. KB944653: MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege Released 11-Dec-07 (Important)
  15. KB937894: MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution Released 11-Dec-07 (Important)
  16. <!-- Nov, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx -->

  17. KB943460: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution Released 13-Nov-07 (Critical)
  18. <!-- Oct, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx -->

  19. KB933729: MS07-058: Vulnerability in RPC Could Allow Denial of Service Released 09-Oct-07 (Important)
  20. KB941202: MS07-056: Security Update for Outlook Express and Windows Mail Released 09-Oct-07 (Critical)
  21. KB923810: MS07-055: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution Released 09-Oct-07 (Critical)
  22. <!-- Aug, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx -->

  23. KB938127: MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution Released 14-Aug-07 (Important)
  24. KB936782: MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution Released 14-Aug-07 (Critical)
  25. <!-- Jul, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx -->

  26. KB939373: MS07-041: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution Released 20-Jul-07 (Important)
  27. <!-- June, 2007: http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx -->

  28. KB935839: MS07-035: Vulnerability in Win32 API Could Allow Remote Code Execution Released 12-Jun-07 (Critical)
  29. KB929123: MS07-034: Cumulative Security Update for Outlook Express and Windows Mail Released 12-Jun-07 (Critical)
  30. KB935840: MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution Released 12-Jun-07 (Critical)
  31. <!-- May, 2007: http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx -->

    <!-- April, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx -->

  32. KB931784: MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege Released 07-Apr-07 (Important)
  33. KB930178: MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution Released 07-Apr-07 (Critcal)
  34. KB932168: MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution Released 07-Apr-07 (Critcal)
  35. KB931261: MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution Released 07-Apr-07 (Critcal)
  36. KB925902: MS07-017: Security Update for Windows XP Released 03-Apr-07 (Critcal)
  37. <!-- February, 2007: http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx -->

  38. KB918118: MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution Released 12-Feb-07 (Important)
  39. KB924667: MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution Released 12-Feb-07 (Important)
  40. KB926436: MS07-011: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (Important) Released 12-Feb-07 (Important)
  41. KB927779: MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution Released 12-Feb-07 (Critical)
  42. KB928843: MS07-008: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution Released 12-Feb-07 (Critical)
  43. KB927802: MS07-007: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege Released 12-Feb-07 (Important)
  44. KB928255: MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege Released 12-Feb-07 (Important)
  45. <!-- December, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx -->

  46. KB926255: MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege Released 12-Dec-06 (Important)
  47. KB926247: MS06-074: Vulnerability in SNMP Could Allow Remote Code Execution Released 12-Dec-06 (Important)
  48. <!-- November, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx -->

  49. KB924270: MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution Released 14-Nov-06 (Critical)
  50. KB920213: MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution Released 14-Nov-06 (Critical)
  51. KB923980: MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution Released 14-Nov-06 (Important)
  52. <!-- October, 2006: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx -->

  53. KB924496: MS06-065: Vulnerability in Windows Object Packager Could Allow Remote Execution Released 10-Oct-06 (Moderate)
  54. KB923414: MS06-063: Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution Released 10-Oct-06 (Important)
  55. KB924191: MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution Released 10-Oct-06 (Critical)
  56. KB923191: MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution Released 10-Oct-06 (Critical)
  57. <!-- September, 2006: http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx -->

  58. KB920685: MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting Released 12-Sep-06 (Moderate)
  59. <!-- August, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx -->

  60. KB920670: MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution  Released 08-Aug-06 Important)
  61. KB920683: MS06-041: Vulnerability in DNS Resolution Could Allow Remote Code Execution Released 08-Aug-06 (Critical)
  62. <!-- July, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx -->

  63. KB914388: MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution Released 11-Jul-06 (Critical)
  64. <!-- June, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx -->

  65. KB914389: MS06-030: Vulnerability in Server Message Block Could Allow Elevation of Privilege Released 13-Jun-06 (Important)
  66. KB911280: MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution Released 13-Jun-06 (Critical)
  67. KB918439: MS06-022: Vulnerability in ART Image Rendering Could Allow Remote Code Execution Released 13-Jun-06 (Critical)
  68. <!-- May, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx -->

  69. KB913580: MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator could allow denial of service Released 09-May-06 (Moderate)
  70. <!-- April, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx -->

  71. KB908531: MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution Released 11-Apr-06 (Updated 25-Apr-06) (Critical)
  72. KB911562: MS06-014: Vulnerability in Microsoft Data Access Components (MDAC) function could allow code execution Released 11-Apr-06 (Updated 11-May-06) (Critical)
  73. <!-- February, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx -->

  74. KB901190: MS06-009: Vulnerability in the Korean Input Method Editor (IME) could allow elevation of privilege Released 10-May-06 (Important)
  75. KB911927: MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution Released 10-May-06 (Important)
  76. KB911564: MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution Released 10-May-06 (Important)
  77. KB911565: MS06-005: Vulnerability in Windows Media Player 9 Could Allow Remote Code Execution Released 10-May-06 (Critical)
  78. <!-- January, 2006: http://www.microsoft.com/technet/security/bulletin/ms06-jan.mspx -->

  79. KB908519: MS06-002: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution Released 11-Jan-06 (Critical)
  80. <!-- November, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-nov.mspx -->

  81. KB902400: MS05-051: Vulnerabilities in MS DTC and COM+ could allow remote code execution Released 8-Nov-05 (Critical)
  82. <!-- October, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx -->

  83. KB900725: MS05-049: Vulnerabilities in the Windows shell could allow for remote code execution Released 29-Dec-05 (Important)
  84. KB901017: MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution Released 29-Dec-05 (Important)
  85. KB905749: MS05-047: Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege Released 29-Dec-05 (Important)
  86. KB905414: MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service Released 29-Dec-05 (Moderate)
  87. <!-- August, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx -->

  88. KB896423: MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution Released 14-Aug-05 (Critical)
  89. KB899587: MS05-042: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing Released 14-Aug-05 (Moderate)
  90. KB899591: MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service Released 14-Aug-05 (Moderate)
  91. KB893756: MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution Released 14-Aug-05 (Important)
  92. <!-- July, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx -->

  93. KB901214: MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution Released 12-Jul-05 (Critical)
  94. <!-- June, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx -->

  95. KB896428: MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure Released 14-Jun-05 (Moderate)
  96. KB890046: MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing Released 14-Jun-05 (Moderate)
  97. KB896358: MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution Released 14-Jun-05 (Critical)
  98. <!-- April, 2005 -->

  99. KB890859: MS05-018: Vulnerabilities in Windows kernel Could Allow Elevation of Privilege and Denial of Service Released 12-Apr-05 (Important)
  100. <!-- February, 2005 -->

  101. KB891781: MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution Released 8-Feb-05 (Critical)
  102. KB887472: MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution Released 8-Feb-05 (Critical)
  103. KB888302: MS05-007: Vulnerability in Windows Could Allow Information Disclosure Released 8-Feb-05 (Important)
  104. <!-- December, 2004 -->

  105. KB885835: MS04-044: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege Released 14-Dec-04 (Important)
  106. KB873339: MS04-043: Vulnerability in HyperTerminal Could Allow Code Execution Released 14-Dec-04 (Important)
  107. KB885836: MS04-041: A Vulnerability in WordPad Could Allow Code Execution Released 14-Dec-04 (Important)
  108. <!-- August, 2004 -->

  109. KB835935: Windows XP Service Pack 2 Released 24-Aug-04

<!-- ******************************************************************** -->
These updates are not included as they have been superceeded by a following update:
<!-- ******************************************************************** -->

  1. KB947864: MS08-024: Cumulative Security Update for Internet Explorer Release 08-Apr-08 (Critical)
  2. KB948881: MS08-023: Security Update of ActiveX Kill Bits Release 08-Apr-08 (Critical)
  3. KB944533: MS08-010: Cumulative Security Update for Internet Explorer Released 12-Feb-08 (Critical)
  4. KB946538: MS08-003: Vulnerability in Active Directory Could Allow Denial of Service Released 12-Feb-08 (Important)
  5. KB941644: MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution Released 08-Jan-08 (Critical)
  6. KB938829: MS07-046: Vulnerability in GDI Could Allow Remote Code Execution Released 14-Aug-07 (Critical)
  7. KB942615: MS07-069: Cumulative Security Update for Internet Explorer Released 11-Dec-07 (Critical)
  8. KB941568: MS07-064: Vulnerabilities in DirectX Could Allow Remote Code Execution Released 11-Dec-07 (Critical)
  9. KB939653: MS07-057: Cumulative Security Update for Internet Explorer Released 09-Oct-07 (Critical)
  10. KB937143: MS07-045: Cumulative Security Update for Internet Explorer Released 14-Aug-07 (Critical)
  11. KB921503: MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution Released 14-Aug-07 (Critical)
  12. KB933566: MS07-033: Cumulative Security Update for Internet Explorer Released 12-Jun-07 (Critical)
  13. KB931784: MS07-027: Cumulative Security Update for Internet Explorer Released 08-May-07 (Critical)
  14. KB928090: MS07-016: Cumulative Security Update for Internet Explorer Released 12-Feb-07 (Critical)
  15. KB929969: MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution Released 09-Jan-07 (Critical)
  16. KB923689: MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution Released 12-Dec-06 (Critical)
  17. KB923694: MS06-076: Cumulative Security Update for Outlook Express Released 12-Dec-06 (Important)
  18. KB925454: MS06-072: Cumulative Security Update for Internet Explorer Released 12-Dec-06 (Critical)
  19. KB922760: MS06-067: Cumulative Security Update for Internet Explorer Released 14-Nov-06 (Critical)
  20. KB925486: MS06-055: Vulnerability in Vector Markup Language Could Allow Remote Code Execution Released 12-Sep-06 (Critical)
  21. KB922819: MS06-064: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service Released 10-Oct-06 (Low)
  22. KB919007: MS06-052: Vulnerability in Reliable Multicast Program (PGM) Could Allow Remote Code Execution Released 12-Sep-06 (Important)
  23. KB917422: MS06-051: Vulnerability in Windows Kernel Could Result in Remote Code Execution Released 08-Aug-06 (Critical)
  24. KB922616: MS06-046: Vulnerability in HTML Help Could Allow Remote Code Execution Released 08-Aug-06 (Critical)
  25. KB921398: MS06-045: Vulnerability in Windows Explorer Could Allow Remote Code Execution  Released 08-Aug-06 Important)
  26. KB920214: MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution Released 08-Aug-06 (Critical)
  27. KB918899: MS06-042: Cumulative Security Update for Internet Explorer Released 08-Aug-06 (Critical)
  28. KB921883: MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution Released 08-Aug-06 (Critical)
  29. KB917159: MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution Released 11-Jul-06 (Critical)
  30. KB917537: MS06-034: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution Released 11-Jul-06 (Important)
  31. KB917953: MS06-032: Vulnerability in TCP/IP Could Allow Remote Code Execution Released 13-Jun-06 (Important)
  32. KB917734: MS06-024: Vulnerability in Windows Media Player Could Allow Remote Code Execution Released 13-Jun-06 (Critical)
  33. KB917344: MS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution Released 13-Jun-06 (Critical)
  34. KB916281: MS06-021: Cumulative Security Update for Internet Explorer Released 13-Jun-06 (Critical)
  35. KB913433: MS06-020: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution Released 09-May-06 (Critical)
  36. KB911567: MS06-016: Cumulative Security Update for Outlook Express Released 11-Apr-06 (Important)
  37. KB912812: MS06-013: Cumulative Security Update for Internet Explorer Released 11-Apr-06 (Critical)
  38. KB913446: MS06-007: Vulnerability in TCP/IP Could Allow Denial of Service Released 10-May-06 (Important)
  39. KB912919: MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Released 6-Jan-06 (Critical)
  40. KB905915: MS05-054: Cumulative Security Update for Internet Explorer Released 13-Dec-05 (Critical)
  41. KB896424: MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution Released 8-Nov-05 (Critical)
  42. KB896688: MS05-052: Cumulative Security Update for Internet Explorer Released 29-Dec-05 (Critical)
  43. KB904706: MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution Released 29-Dec-05 (Critical)
  44. KB899589: MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution Released 29-Dec-05 (Important)
  45. KB899588: MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege Released 14-Aug-05 (Critical)
  46. KB896727: MS05-038: Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 Released 14-Aug-05 (Critical)
  47. KB903235: MS05-037: Vulnerability in JView Profiler Could Allow Remote Code Execution Released 14-Aug-05 (Critical)
  48. KB890046: MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing Released 14-Jun-05 (Moderate)
  49. KB896422: MS05-027: Vulnerability in Server Message Block Could Allow Remote Code Execution Released 14-Jun-05 (Critical)
  50. KB883939: MS05-025: Cumulative Security Update for Internet Explorer Released 14-Jun-05 (Critical)
  51. KB890923: MS05-020: Cumulative security update for Internet Explorer Released 12-Apr-05 (Important)
  52. KB893086: MS05-016: Vulnerability in Windows Shell that Could Allow Remote Code Execution Released 12-Apr-05 (Critical)
  53. KB888113: MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution Released 8-Feb-05 (Critical)
  54. KB873333: MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution Released 8-Feb-05 (Critical)
  55. KB885250: MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution Released 8-Feb-05 (Critical)
  56. KB890047: MS05-008: Vulnerability in Windows shell could allow remote code execution Released 8-Feb-05 (Important)
  57. KB890175: MS05-001: Vulnerability in HTML Help could allow code execution Released 11-Jan-05 (Critical)
  58. <!--
    not security updates

  59. KB885932: Update for Internet Explorer 6 for XP Service Pack 2
  60. KB884020: Programs that connect to IP addresses that are in the loopback address range may not work as you expect in Windows XP Service Pack 2 Released Sep-04
  61. KB886185: Critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2 Released 14-Dec-04 (Critical)
  62. -->

<!-- ******************************************************************** -->
The following security updates are not presently included:
<!-- ******************************************************************** -->

  1. KB923723: MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution Released 12-Feb-07 (Important)
  2. KB923789: MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution Released 14-Nov-06 (Critical)
  3. KB898458: MS05-031: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution Released 14-Jun-05 (Important)
  4. KB893066: MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service Released 12-Apr-05 (Critical)
  5. KB890261: MS05-009: Vulnerability in PNG Processing Could Lead to Buffer Overrun Released 8-Feb-05 (Critical)
  6. KB887219: MS05-004: ASP.NET Path Validation Vulnerability Released 8-Feb-05 (Important)
  7. KB816093: MS03-011: Flaw in Microsoft VM Could Enable System Compromise Released 14-Dec-04 (Critical)

Please let me know if you feel I've missed an important update.

Fitting All the Hotfixes onto a 700MB CD

If you slipstream all of the hotfixes listed above, the resulting size will be greater than will fit on a single 700MB "80 minute" CD-R. There are two options to get around this limitation:

1. Burn to a DVD instead of a CD. Of course, this isn't an option if the computer you are installing on does not have a DVD drive, or you don't have software to burn an .ISO file to a DVD.

2. Remove unneeded directories from the CD. On my Windows XP SP1 CD, I found I could delete the following directories before creating the .ISO:

D:\I386\WIN9XMIG: 33.5MB (Windows 9x migration files, not used when performing a fresh XP installation)
D:\DOTNETFX:      33.1MB (.NET Framework, install this manually later if needed)
D:\cmpnents       26.5MB (.NET Framework, TabletPC)
D:\SUPPORT:       11.3MB (Support tools, not used by the installer)
D:\VALUEADD:       9.1MB (Value added programs, not used by the installer)
D:\I386\WIN9XUPG:  3.9MB (Windows 9x upgrade files, not used when performing a fresh XP installation)
D:\DOCS:           0.1MB (Miscellaneous documents, not used by the installer)

If you don't need to install the Recovery Console, you can remove:

D:\I386\WINNTUPG:  1.0MB (Windows NT/2000 upgrade files, not used when performing a fresh XP installation)

If you don't need to install languages other than English, you can remove:

D:\I386\LANG:    101.7MB

If you remove all of the above directories, you will have reduced the size of the CD by over 223MB. Using my Windows XP SP1 disk, I went from 786MB, to 563MB, which easily fits on most sizes of CD-R media (see the table below).

Here is a table listing the different sizes of CD media. The sizes listed below I discovered empirically, and may vary depending on the type of media used.

Disk Type                       Size
------------------------ -----------
80 minute/"700MB" CD-R   697,425,920
74 minute/"650MB" CD-R   642,883,584
80 minute/"700MB" CD-R/W 598,808,576
74 minute/"650MB" CD-R/W 557,260,800

Of course, using a program such as nLite, you can accomplish a far greater size reduction that what is listed above.

For more information, see:

http://unattended.msfn.org/unattended.xp/view/web/57/
http://pages.videotron.com/tbone/unattended/#_Toc79089721

Using Cygwin to Burn a Bootable CD

If you have, or install, Cygwin, you can build and burn a bootable CD, by editing the CD and CD_DEV variables at the beginning of xpsp2.mak, and typing:

$ make -f xpsp2.mak

You can also add the parameters on the command line:

$ make -f xpsp3.mak CD=F: CD_DEV=0,0,0

If you include md5s.txt (updated 03-May-09), make will verify the files downloaded correctly before executing them.

Note: KB885835 and KB885250 share the same file (mrxsmb.sys), so an error occurs if you attempt to slipstream both of them at once. These scripts solve this issue by superceeding KB885835's version of the file (5.1.2600.2541, xpsp_sp2_gdr.040919-1056, dated 10-27-2004, 448,128 bytes) with KB885250's version (5.1.2600.2598, xpsp_sp2_gdr.041130-1729, dated 1-18-2005, 451,584 bytes).

Of course, to run make, you will need to install Cygwin and select the make, perl, and wget packages.

To create a Windows XP boot disk with Service Pack 1a and Update Rollup 1 (KB826939), use xpsp1_ru.mak.

Older Scripts

To create a Windows XP boot disk with only SP1a, use xpsp1.mak.

To create a Windows 2000 boot disk with SP4, use w2k_sp4.mak.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Fixed in the latest release

Sorry 'bout that.

Thanks for the feedback

For:

KB913446 / MS06-007 (14-Feb-2006) replaced by KB917953 / MS06-032
KB896422 / MS05-027 (14-Jun-2005) replaced by KB923414 / MS06-063

I removed the superceeded items.

For:

KB924191 / MS06-061 (10-Oct-2006) replaced by KB928088 / MS06-071

I removed this fix. I've created a new script, called msxml_hotfixes.cmd, which will apply these hotfixes if needed.

Thanks for the heads up

The bug was the URL had .EXE, instead of .exe. I fixed both md5s.txt and xpsp2.mak and posted the updated versions.

Here's a resource

Well, then your timing is perfect.

Icy,

Your post is the perfect answer to Bob Dobelina's critique.

I know my scripts aren't very "newbie friendly", but they truly are a one-script/one-command solution to slipstreaming.

HFSLIP is great, but it requires the user to manually download everything. A requirement I find distasteful.

Hmmm....

You state "where your hotfix files are located".

How do you get the 60+ hotfix files in the first place?

Perhaps you can run my script first! :)

-Ross

Ouch!

Thanks for the feedback. Here's mine:

* My goal was to automate the entire process, and share the scripts with others. Not to write a howto for newbies.

* I'm assuming a level of expertise to use my scripts. They work for me, and I'm offering them to others to use if they want. There are many other, potentially better, solutions out there, including Ryanvm, HFSLIP, and many others.

* xpsp2.mak is only required if you want to burn a slipstreamed CD. cdrecord/mkisofs are used. HFSLIP also calls these commands. I know of no other way to burn a CD on the command line in Windows. Do you?

* xpsp2.cmd uses the default browser to download the hotfixes. If curl or wget are installed they will be used instead, and the disconcerting popups will not appear.

Again, thanks for the critique.

Thanks... I think :)

Icy,

I'm not sure if you're really being complementary, or pulling my leg, after reading Bob Dobelina's post, but I'll take you at your word.

I'm glad you found the script useful.

-Ross

Both typos

Thanks for the catch. I'll publish an update soon.

That's because you have Office 2003 installed

Not everyone does, and it certainly isn't not on an original Windows XP installation CD.

Why are you including KB817772?

My scripts don't include it. Neither does Ryanvm.

My .iso file has never exceeded 700MB. What disk are you starting with, and what are you adding to it?

Sorry, I have experienced the issue you are describing

Perhaps try using a different Windows XP install disk. I use an Windows XP SP1 Upgrade disk. Others report success with Windows XP SP2 Full.

Nope, not a typo

http://www.microsoft.com/technet/security/bulletin/ms05-048.mspx lists KB907245, but the download is named WindowsXP-KB901017-x86-ENU.exe.

I had the download correct, but listed KB907245. I've changed it to KB901017 to be consistent. Thanks for the heads up.

Sorry, I have no experience with Media Center

So I really can't address any of your questions.

You may want to try HFSLIP. I haven't used it, but it may support the functionality you're looking for.

Thanks,

Ross

pk:

You'll need to install Cygwin by running setup.exe.

Then, when prompted, install the folling optional packages:

make
perl
unzip
wget

Good luck!

Not sure I understand the problem

It sounds like it's waiting for a download file to appear in the directory it's expecting them in. Sorry I can't be of more help.

Fixed xpsp2.mak has been uploaded

It should work for you now.

Thanks for you help, and patience.

Hey Fresh

Both xpsp2.mak and xpsp2.cmd can create a Windows XP installation CD with all of the hotfixes slipsteamed in. They both require an existing Windows XP installation CD (SP0, SP1 or SP2).

Hi Daniel,

Yes, you can certainly edit the URLs.

For a list of hotfixes in other languages, take a look here.

Cheers,

Ross

Fixed, please try again

A small typo slipped thru.

Problem in the script

It's been fixed. Please try again.

You must save the downloads in the correct directory

For example, I run the script from the d:\X1APCCP_EN directory. When FireFox prompts me where to save the download files, I manually select this directory. If you have FireFox automatically set to save your download files in a different directory, the script will sit there forever waiting to see the files in the directory it expects them in.

Good question

I'm only including security fixes. Here's what I've found from your list:

KB893803v2:	Windows Installer 3.1 (v2)
		(Not a security update)

KB886185:	Critical update for Windows Firewall "My Network (subnet) only" scoping
		(Not a security update, Ryamvm says it's superceeded by KB889527)

KB894391:	You receive a "Generic Host Process" error message after you start
                the computer, or DBCS attachment file names are not displayed in 
                Rich Text e-mail messages
		(Not a security update)

KB898461:	Permanent copy of the Package Installer for Windows version 6.2.29.0
		(Not a security update)

KB899587:	Vulnerabilities in Kerberos could allow denial of service, information 
                disclosure, and spoofing (Moderate)
		(I added this hotfix to the scripts)

KB900485:	0x0000007E stop error in Windows XP SP2
		(Not a security update)

KB900725:	Vulnerabilities in the Windows shell could allow for remote code execution
                (Important)
		(I added this hotfix the scripts, superceeded by KB909608, which does not
                appear to be available)

KB902400:	Vulnerabilities in MS DTC and COM+ could allow remote code execution (Critical)
		(I added this hotfix to the scripts)
			
KB904706:	Vulnerability in DirectShow could allow remote code execution (Critical)
		(I added this hotfix to the scripts)

KB910437:	Access violation error occurs when Windows Automatic Updates tries to download
                updates
		(Not a security update)

KB916595:	Stop error message on a Windows XP-based computer: "STOP 0x000000D1"
		(Not a security update)

KB887742: 	You receive the Stop error "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" in
                Windows XP Service Pack 2 or Windows Server 2003
		(Removed as it's not a security update, also, ryanvm says it's superceeded by 
                KB916595)

Thanks for the information,

Ross

Fixed, thanks for the heads

Fixed, thanks for the heads up

I uploaded the corrected script

Thanks for the heads up.

I can't duplicate the problem you are having

The code to check for the WIN51IP.SP2 file is there, line 324:

if not exist "%builddir%\win51*.sp2" (

I tested it, and it works fine for me.

You might try turning on debugging, and seeing if you can determine why it's failing:

set debug=y
xpsp2.cmd

And then press Ctrl-S to stop the scrolling right after you reply to the prompts. Type Ctrl-Q to start it again.

Let me know if you determine what the problem is.

Sorry, I have no idea

First, you need to be using Windows XP.

If your CD drive is drive D:, it wont ask you for the source drive, if the file D:\WIN51 is found.

It then runs the VOL command on the above drive, and checks if a directory exists with the volume name underneath the current directory.

For example, in my case, the volume name of the CD is X1APCCP_EN, and I'm running the script in the directory D:\XPSP2. The program then looks for the directory D:\XPSP2\X1APCCP_EN. If it exists, it won't ask for the destination directory.

If the program is not asking you, then either the directory already exists, or it is failing to get the result of the VOL command.

Without seeing the debug output, I can't really help any further.

You could also try simply specifying the source and destination directories on the command line:

xpsp2.cmd source_drive dest_dir

For example:

xpsp2.cmd D: XPSP2

-Ross

Sorry, I misunderstood

I didn't realize you are using the xpsp2.mak script. I should have figured that out, when you mentioned Cygwin.

I have fixed the script to not download or integrate SP2 if it finds the WIN51IP.SP2 file.

Please download this version and try it.

I need more information

If you have already copied the CD, and have answered the prompts with the correct directory names, the script will not copy the CD again.

Also, the script will not download, or slipstream SP2 itself, if it sees a win51*.sp2 file in the root directory.

So, I'm not sure what, exactly, is the problem. Perhaps you can detail exactly what you are doing, and I'll see if I can help figure out a solution.

Thanks,

Ross

Microsoft bumped the version

WindowsXP-KB908531-x86-ENU.exe is now WindowsXP-KB908531-v2-x86-ENU.exe.

I've just posted the corrected scripts.

Which version of mkisofs.exe are you using? Also, how are you burning the CD, with cdrecord? If so, which version? I don't just mean the version number, but where did you get the version from, as there are several different sites providing the same version number.

I just created an .ISO and loaded into VMWare, and was not able to duplicate your problem. Perhaps the issue is with cdrecord?

Yes, I should quote more

I'll fix this to the next release.

Thanks for help, and the positive feedback,

Ross

Excellent point

I will implement as you suggested.

And yes, I'm working on the April fixes now. I should have the changes up this evening.

Thanks

Trial and error

Alan,

Trial and error is how I came up with it.

Please note, on Wed, 04/20/2005 @ 07:33, adfernandes posted the comment:

1) QCHAIN.exe, which ensures that the highest file version is installed if there is a scenario where 2 hotfixes contain the same exe/dll file with different version numbers.

I haven't explored this lead.

-Ross

Alexander, I download it w

Alexander,

I download it with a download utility such as flashget, or wget -S. They tell you the "final" URL.

Hmmm..., works for me

Sventech,

xcopy is supposed to create the directory, without asking, if a \ is appended to the destination.

But if it didn't work for you, it may not work for others, so I will implement your fix, and add a

mkdir "%buildir%"

just before it.

Re: KB910437, my script is for XP. If you're using W2K3, it needs a different hotfix, appearently.

Thanks for your help,

Ross

Good feedback

Borris,

I have implemented these changes in my local copies, and will publish them in the next release.

Thanks,

Ross

It's a typo

Max,

It's a typo, but it works fine with the duplicate entries.

The corrected versions with be posted the next time I add new hotfixes.

Thanks for the catch,

Ross

Fixed the URL, use C:\XPSP2 instead of C:\Documents ...

I fixed the URL for KB904706. Re the error message, please try running the script from a directory that doesn't contain spaces, such as C:\XPSP2. Once I have fixed the scripts to surround all file names with quotes, I will post the corrected scripts.

Related site

Yes, it should work fine

xpsp2local.cmd will apply all files in the format WindowsXP-KB*.exe. So yes, if I understand your question correctly, you could download any number of WindowsXP-KB*.exe files to the current directory, and then run xpsp2local.cmd. It will download the patches listed, and then install both those, and the non-critical files you downloaded previously.

If you list the specific "non-critical" updates, I'll see about incorporating them into xpsp2local.cmd.

Good luck,

Ross

Firefox or IE?

I use Firefox and have no problems. What browser do you use?

Try:

set debug=y
xpsp2local

and see if you can determine what the problem is, and let me know.

All good questions

> Where is the difference in the commands that calls IE in xpsp2.cmd, but doesn't call IE in xpsp2local.cmd?

The biggest difference is in the parameters passed to each hotfix. In xpsp2.cmd, the hotfix is slipstream into an directory containing the files from an XP installation CD.

In xpsp2local.cmd, the hotfix is applied to the version of Windows that is currently running, for example c:\windows

> Doesn't xpsp2local.cmd contain calls to download the hotfixes from the Internet?

Yes, but only if the hotfix doesn't already exist.

> Won't the script fail if the machine on which the script is run is not connected to the Internet?

It wouldn't necessarily fail, it just wouldn't apply those hotfixes.

If you are not connected to the internet, it is assumed you downloaded the hotfixes and copied them to the required directory prior to running the script.

> Thanks for posting these!

You're very welcome. I hope you find them useful,

Ross

Good advise, thanks

Surfing around, I found http://ryanvm.msfn.org/updatepack.html, which appears to include every MS patch available. This is overkill for me, but others may find it helpful.

cygwin packages

When installing cygwin, you should also install "unzip", at least I had to. In case you're looking for them, wget is in the "web" section, unzip in the "archives" and "make" in the devel section of the cygwin installer.

Essential Cygwin packages

I install the following "optional" Cygwin packages as I find them indispensible:

bzip2
file
make
perl
unzip
wget
zip

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
DeutschEspañolFrançaisItalianoNederlandsPortuguêsΕλληνικάРусскийالعربية中文(简体)中文(繁體)日本語한국어
 
Donate Bitcoins
Google
 
www smithii.com
 
Special thanks to Riester Rente Online for a generous donation!