Page 1 of 1

Missing updates for Windows XP in WSUS Offline Update 9.2.3

PostPosted: 12.02.2018, 12:28
by hbuhrmester
Missing updates for Windows XP in WSUS Offline Update 9.2.3 ESR

Some updates are missing, if Windows XP is updated with WSUS Offline Update 9.2.3 ESR. This partly depends on the selected options in the UpdateInstaller.exe: I selected all options except Microsoft Security Essentials, because this doesn't work offline, and MSSE cannot be installed on Windows XP anymore.

Remote Desktop Client

The update installer still tries to install the Remote Desktop Client (kb969084) on Windows XP. This results in two warnings in the installation log:

Code: Select all
11.02.2018  5:47:44,59 - Warning: Update kb969084 not found
11.02.2018  5:47:45,26 - Warning: Remote Desktop Client installation file(s) not found

The Microsoft Baseline Security Analyzer does not report this update as missing.

The download links for kb969084 can only be found in the version 9.2.1. They were deliberately removed in the first ESR version 9.2.2, because the downloads are no longer available.

From the file history.txt:

Code: Select all
Version 9.2.2 -- 03.07.17
- NOTE: This is an extended support release for older platforms (Windows XP, Server 2003, Vista and 8)
- Fix: Removed unavailable static download links for kb953356, kb969084, rootsupd.exe and rvkroots.exe

This update should not be used anymore; some unsupported Remote Desktop Client will probably only be a security risk. But then the code to install this update should be removed from version 9.2.3 ESR.

rootsupd.exe and rvkroots.exe

The files rootsupd.exe and rvkroots.exe are not downloaded anymore, but the update installer still tries to install them.

Actually, the download link to rvkroots.exe still works, and the file rootsupd.exe can be downloaded from viewtopic.php?f=3&t=4820&start=20#p25057

These download links can be added to the static download file StaticDownloadLinks-win-x86-glb.txt or to a custom file with the same name in the wsusoffline/static/custom directory.

.NET Frameworks

Ten updates for .NET Frameworks are missing, because they are superseded by newer updates for the embedded Windows XP POSReady. But updates for POSReady can't be installed on the regular versions of Windows XP, so these updates end up missing.

This has been reported by Denniss before: viewtopic.php?f=4&t=5175#p16838

But, instead of defining the links statically, it is sufficient to add the kb numbers to the file ExcludeList-superseded-exclude.txt, or to a file with the same name in the wsusoffline/exclude/custom directory:

Code: Select all


One update for Silverlight is missing. It is reported in the installation log:

Code: Select all
11.02.2018  6:00:45,46 - Warning: Update kb2977218 (id: 68568dfa-c35c-4bc3-8996-74a818d0e5d7) not found

The Microsoft Baseline Security Analyzer also reports this update as missing.

There are four downloads associated with this update id in the file package.xml:

Code: Select all

The same downloads can also be found in the Microsoft Update Catalog for the kb number kb2977218: ... =kb2977218

Handling these updates is more difficult than the others: The XSLT transformation file for "win" does not extract downloads for "silverlight", and the downloads do not have the kb number in their names. Then these files must be statically defined with their complete URLs in the file StaticDownloadLinks-win-x86-glb.txt.

This will cause all four files to be downloaded to the directory wsusoffline/client/win/glb, but the update installer still won't install them automatically. One of these files, the "Update for Silverlight" or "Silverlight for Developers", 32-bit or 64-bit, must be installed manually. The update requires another restart of the computer.

Once this is done, the installation script of WSUS Offline Update and the Microsoft Baseline Security Analyzer won't find any missing security updates anymore.

Re: Missing updates for Windows XP in WSUS Offline Update 9.

PostPosted: 16.02.2018, 16:11
by hbuhrmester
More about Silverlight updates

The downloads for Silverlight should just be "Silverlight.exe" and "Silverlight_x64.exe"; they should not have the embedded SHA-1 hashes from the WSUS catalog file

Instead, the URLs from this topic should be used:

Update für Microsoft Silverlight 5 Juli 2014 (KB2977218)

Code: Select all

This update was applied to WSUS Offline Update 9.3.1, as Trac shows for Changeset 605:

Changeset 605

Changeset 605 for trunk/static/StaticDownloadLinks-win-x86-glb.txt ... 86-glb.txt

Changeset 605 for trunk/cmd/DownloadUpdates.cmd ... pdates.cmd

Note, how the version for DownloadUpdates.cmd changes:

Code: Select all
set WSUSOFFLINE_VERSION=9.3.1+ (r605)

So, this Update for Silverlight was applied to version 9.3.1, revision 605 and probably released in version 9.3.2. Then the same patch should also be applied to version 9.2.3 ESR.

However, kb2977218 was only the update, which was reported as missing in Windows XP, but Windows Vista or Windows 8 (which are also supported by version 9.2.3 ESR) could possibly use a newer version of Silverlight.

Re: Missing updates for Windows XP in WSUS Offline Update 9.

PostPosted: 18.02.2018, 17:46
by WSUSUpdateAdmin
Moin Hartmut,

danke schön! :)
Das gucke ich mir nochmal in Ruhe an...


Re: Missing updates for Windows XP in WSUS Offline Update 9.

PostPosted: 23.03.2018, 15:03
by WSUSUpdateAdmin

Ich habe jetzt eingebaut:
- Microsoft Silverlight updated to v. 5.1.30514.0 (Thanks to "harry" and H. Buhrmester)
- Removed obsolete Remote Desktop Client installation (Thanks to H. Buhrmester)
- Fix: Download part missed ten updates for .NET Frameworks (Thanks to "Denniss" and H. Buhrmester)

Die Lösung für rootsupd.exe / rvkroots.exe gehört für mich auch eher in den "custom"-Bereich.

Danke nochmal, viele Grüße
und ein schönes Wochenende,