Tuesday, 17 January 2017

One Last Update For Internet Explorer 8.0 on XP

Microsoft decided to release One Last Update For Internet Explorer 8.0 for Windows XP on the 30th April 2014 after officially pulling the plug on the 8th of April 2014.

The browser update was released right across the board for XP including the embedded IE6 built into XP and also for the IE7 and IE8 updated browsers on both x86 and x64.

Although oddly the KB search on the update catalogue site provides No results, but the files are still on the microsoft download site.

WindowsXP-KB2964358-x86-custom-ENU.exe
IE7-WindowsXP-KB2964358-x86-custom-ENU.exe
IE8-WindowsXP-KB2964358-x86-custom-ENU.exe

WindowsServer2003-KB2964358-x64-ENU.exe
IE7-WindowsServer2003-KB2964358-x64-ENU.exe
IE8-WindowsServer2003.WindowsXP-2964358-x64-ENU.exe

Updated 17th January 2017:

WARNING:

For the genuine none PosReady users i hate to say it but "Windows Update" along with "Microsoft Update" and the windows "Auto Update" no longer offer users the KB2964358 update.

Also the most modern Cumulative Security Update for Internet Explorer 8 Windows XP   they now offer users is KB2879017, which is oddly dated 23rd September 2013.

That's a far cry from even KB2909210 released on the 10th February 2014, one could say "yeah but you also get KB2632503 and KB2510531" but lets take a closer look at what they both really are and remind our selves just.. what they where.

KB2632503
IE8-WindowsXP-KB2632503-x86-ENU.exe, well this thing replaced KB976662 which in turn was also replaced by KB2510531... bah humbug... All confusion aside if i was to just name something people would remember and suddenly you realise its been missing a while.

What if i renamed IE8-WindowsXP-KB2632503-x86-ENU.exe
Into      WindowsXP-KB2632503-JS58-x86-ENU.exe

see that JS58? and suddenly its gone from kinda like this...

Description: Install this update to improve Internet Explorer 8's JSON interoperability in conformance with the new ECMAScript, fifth edition standard. After you install this item, you may have to restart your computer. (even that lacks the old term JScript)

Into

Description: Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

So what about this one ?

KB2510531
IE8-WindowsXP-KB2510531-x86-ENU.exe
Just what's under the hood of this one ?
Well do you remember getting another update every month along with JScript?  Only this one was for ActiveX Killbits?  well that's what it is. (and this things dated March 2011)

Doesn't it make you wonder what ever happened to the CAPICOM-KB931906

Description: This update resolves a security vulnerability in the redistributable component CAPICOM (versions prior to 2.1.0.2) which could result in remote code execution.

So if your updating a bog standard XP online then your missing at the very least, KB2909210, KB931906, KB931906 and KB2964358. Its no wonder KB2925418 got pulled by what people are describing but that's just the last one (that's the March 2014 Cumulative Security Update for Internet Explorer 8, 9 & 10)

If we where to talk "Conspiracies" and say (just for imaginative example) That between October 2013 and April 2014.. a company leased the telemetry code and fed it into users machines to gather stats for windows 10 and also this idea of users essentially "Torrenting Updates with windows 10" to save a company a load of bandwidth...

Then the lease runs out, so in turn, any updates featuring that code get pulled. Kinda looks like that  MS good deed of.. "here people you can have IE8-WindowsXP-KB2964358-x86-custom-ENU.exe"  but then  "advising us" its best to install it right after a roll up.. conveniently being IE8-WindowsXP-KB2925418-x86-ENU.exe seems more like a slap in our face than a good deed.

So users formatting, partition restoring and updating

Your using a JScript from the 4th of March 2011
Your using ActiveX Killabits from 28th October 2011
and a IE Cumulative Security Update from the 23rd of October 2013

and yet support ended 8th April 2014? and one assumes your fully updated to that 8th of April? because it lets you get the downloads...?

False sense of security is even more false than one can imagine...
i get the moaning that some updates were telemetry fixes.. but theirs no way from March 2011, Oct 2013 to April 2014 their wasn't major security or other bugs fixed.

When i set up an XP x64 SP2 (with IE 8) I get offered the same set of KB Numbers.

So remember, although support ended in April 2014, the browsers patch rate is October 2013, one runtimes from March 2011 and the others from October 2011... Hell... does this mean they've been officially data mining info since march 2011, escalated it in october 2011 and went in for the kill in 2013?... April 30th 2014 looked like someone was scooping up the dregs before pulling the plug.

And people wonder why i maintain this blog...

So if it has been safe using just these 3
IE8-WindowsXP-KB2510531-x86-ENU.exe
IE8-WindowsXP-KB2632503-x86-ENU.exe
IE8-WindowsXP-KB2879017-x86-ENU.exe
Since october, then just wtf was with the next 5 cumulative updates....