Automatically Slipstream Windows XP with SP3 and All Post-SP3 Security Hotfixes with a Single Command (Updated 03-May-09)
For information about slipstreaming Windows XP SP2, visit http://smithii.com/slipstream_xpsp2.
I've written the batch file xpsp3.cmd (updated 03-May-09) to automatically download and slipstream a standard Windows XP boot disk with Service Pack 2 and all post-SP3 security hotfixes.
It uses wget or curl (if either are found in the PATH), or your installed browser to download the updates. I have tested this with Internet Explorer, Firefox, and Opera. Other browsers should work, as well. The batch file xpsp3local.cmd (updated 03-May-09) will update the copy of Windows XP that is installed on the computer you run the command on. You may wish to do this, if you do not have, or want, the machine you want to hotfix connected to the internet, or if you are unable to run Windows Update for some reason (for example, if Internet Explorer isn't installed, or doesn't work properly, due to a virus or similar mishap). To slipstream the hotfixes, and burn the slipstreamed disk, I've created the makefile xpsp3.mak (updated 03-May-09). Details on usage below.The xpsp3* scripts listed above include the following security updates found at http://www.microsoft.com/technet/security/current.aspx:
Apr 09: MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) KB923561 SP2: replaces none SP3: replaces none MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) SP2: replaces none SP3: replaces none MS09-011 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) SP2: replaces MS08-033 SP3: replaces MS08-033 MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027) SP2: replaces MS08-073, MS08-078 SP3: replaces MS08-073, MS08-078 MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) SP2: replaces MS07-022, MS08-002, MS08-064 SP3: replaces MS08-064 MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) SP2: replaces MS07-035 SP2: replaces MS07-035 Mar 09: MS09-006 – Critical Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) SP2: replaces MS08-061 SP3: replaces MS08-061 MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing (960225) SP2: replaces MS07-031 SP3: replaces none Feb 09: Jan 09 MS09-001 – Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687) SP2: replaces MS08-063 SP3: replaces MS08-063 Dec 08 MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802) SP2: replaces MS08-021 SP3: replaces none MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215) SP2: replaces MS08-058 SP3: replaces MS08-058 MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) SP2: replaces none SP3: replaces none MS08-078 - Critical Security Update for Internet Explorer (960714) SP2: replaces none SP3: replaces none Nov 08: MS08-068 | Important Vulnerability in SMB Could Allow Remote Code Execution (957097) SP2: replaces MS05-011 SP3: replaces none MS08-069 | Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) SP2: replaces MS06-042 SP3: replaces none Oct 08: MS08-061 – Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) SP2: replaces MS08-025 SP3: replaces none MS08-062 - Important Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) SP2: replaces none SP3: replaces none MS08-064 – Important Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) SP2: replaces MS07-022 SP3: replaces none MS08-066 – Important Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) SP2: replaces none SP3: replaces none MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution (958644) SP2: replaces MS06-040 SP3: replaces none Sep 08: MS08-052 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) SP2: replaces none SP3: replaces none MS08-053 - Critical Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) SP2: replaces none SP3: replaces none MS08-054 - Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) SP2: replaces none SP3: replaces none Aug 08: MS08-045 - Critical Cumulative Security Update for Internet Explorer (953838) SP2: replaces MS08-031 SP3: replaces MS08-031 MS08-046 - Critical Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) SP2: replaces none SP3: replaces none MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066) SP2: replaces none SP3: replaces none MS08-049 - Important Vulnerabilities in Event System Could Allow Remote Code Execution (950974) SP2: replaces none SP3: replaces none MS08-050 - Important Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) SP2: replaces none SP3: replaces none Jul 08: MS08-037 - Important Vulnerabilities in DNS Could Allow Spoofing (953230) SP2: replaces MS06-064, MS08-001 SP3: replaces none Jun 08: MS08-030 - Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) SP2: replaces none SP3: replaces none MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759) SP2: replaces MS08-024 SP3: replaces none replaced by MS08-45 MS08-032 - Moderate Cumulative Security Update of ActiveX Kill Bits (950760) SP2: replaces MS08-023 SP3: replaces none MS08-033 - Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) SP2: replaces MS07-064 SP3: replaces none MS08-035 - Important Vulnerability in Active Directory Could Allow Denial of Service (953235) SP2: replaces MS08-003 SP3: replaces none MS08-036 - Important Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) SP2: replaces MS06-052 SP3: replaces none
<!-- ******************************************************************** -->
These updates are not included as they have been superceeded by a following update:
<!-- ******************************************************************** -->
<!-- ******************************************************************** -->
The following security updates are not presently included:
<!-- ******************************************************************** -->
Fitting All the Hotfixes onto a 700MB CD
If you slipstream all of the hotfixes listed above, the resulting size will be greater than will fit on a single 700MB "80 minute" CD-R. There are two options to get around this limitation:1. Burn to a DVD instead of a CD. Of course, this isn't an option if the computer you are installing on does not have a DVD drive, or you don't have software to burn an .ISO file to a DVD.
2. Remove unneeded directories from the CD. On my Windows XP SP1 CD, I found I could delete the following directories before creating the .ISO:
D:\I386\WIN9XMIG: 33.5MB (Windows 9x migration files, not used when performing a fresh XP installation) D:\DOTNETFX: 33.1MB (.NET Framework, install this manually later if needed) D:\cmpnents 26.5MB (.NET Framework, TabletPC) D:\SUPPORT: 11.3MB (Support tools, not used by the installer) D:\VALUEADD: 9.1MB (Value added programs, not used by the installer) D:\I386\WIN9XUPG: 3.9MB (Windows 9x upgrade files, not used when performing a fresh XP installation) D:\DOCS: 0.1MB (Miscellaneous documents, not used by the installer)
If you don't need to install the Recovery Console, you can remove:
D:\I386\WINNTUPG: 1.0MB (Windows NT/2000 upgrade files, not used when performing a fresh XP installation)
If you don't need to install languages other than English, you can remove:
D:\I386\LANG: 101.7MB
If you remove all of the above directories, you will have reduced the size of the CD by over 223MB. Using my Windows XP SP1 disk, I went from 786MB, to 563MB, which easily fits on most sizes of CD-R media (see the table below).
Here is a table listing the different sizes of CD media. The sizes listed below I discovered empirically, and may vary depending on the type of media used.
Disk Type Size ------------------------ ----------- 80 minute/"700MB" CD-R 697,425,920 74 minute/"650MB" CD-R 642,883,584 80 minute/"700MB" CD-R/W 598,808,576 74 minute/"650MB" CD-R/W 557,260,800
Of course, using a program such as nLite, you can accomplish a far greater size reduction that what is listed above.
For more information, see:
http://unattended.msfn.org/unattended.xp/view/web/57/
http://pages.videotron.com/tbone/unattended/#_Toc79089721
Using Cygwin to Burn a Bootable CD
If you have, or install, Cygwin, you can build and burn a bootable CD, by editing the CD and CD_DEV variables at the beginning of xpsp3.mak, and typing: $ make -f xpsp3.mak You can also add the parameters on the command line:$ make -f xpsp3.mak CD=F: CD_DEV=0,0,0 If you include md5s.txt (updated 03-May-09), make will verify the files downloaded correctly before executing them. Of course, to run make, you will need to install Cygwin and select the make, perl, and wget packages. To create a Windows XP boot disk with Service Pack 1a and Update Rollup 1 (KB826939), use xpsp1_ru.mak.
Older Scripts
To slipstream a Windows XP boot disk with SP2, use xpsp2.cmd. To update Windows XP with SP2, use xpsp2local.cmd. To create a Windows XP boot disk with SP2, use xpsp2.mak. To create a Windows XP boot disk with only SP1a, use xpsp1.mak. To create a Windows 2000 boot disk with SP4, use w2k_sp4.mak.Microsoft XML Core Services Hotfixes
For Microsoft XML Core Services, run msxml_hotfixes.cmd (updated 01-Jan-08) to install the latest hotfixes locally.
Microsoft Office 2003 SP3 and Hotfixes
For Office 2003, run office_2003_hotfixes.cmd (updated 31-Dec-07) to install Service Pack 2, and all post-SP3 hotfixes locally.
- ross's blog
- Login to post comments
halsteadk,
Thanks for the heads up! The correct files have been posted.
Chris,
xpsp3.mak is only needed if you want to build and burn a CD with one command. It requires Cygwin.
Otherwise, just use xpsp3.cmd.
Methanoid
You're right. It should say 31-Dec-07. I'll fix that soon. Thanks for the heads up.