Security-Update KB982316 for Windows XP (May 2017)

Windows Update[German]Microsoft has (probably) released another security update (KB982316) for Windows XP to the public. Admins of systems running the unsupported Windows XP could install this update. But the whole thing is mysterious – the package contains only old stuff – and the update is available in English only (not installable on other languages).


Advertising

WannaCry and the after EOL Windows XP-Update

Windows XP is no longer supported from Microsoft for the masses (end of life was 2014). Only customers paying for extended support are receiving additional security updates (and also Windows Embedded). But there has been an exception: After WannaCry used a vulnerability in SMBv1, Microsoft released update KB4012598 for (unsupported) Windows XP, Windows 8 and Windows Server 2003 to the public.

Update KB982316 for Windows XP – the next one?

Microsoft Update KB982316 for Windows XP has been released at May 19, 2017, as Windows Central reported here (and according to the date given on Microsoft's web site). I used a web search for update KB982316 which returned the page An update is available for the Windows Telephony Application Programming Interface (TAPI). dated from 2010 and addresses also Windows XP. Also Microsoft Update Catalog doesn't provide an entry.

But Security Update for Windows XP Service Pack 3 (KB982316) may be downloaded from this Microsoft download site. The update has a size of 492 KB and is available in English only. The download site, dated May 19, 2017, says:

A security issue has been identified that could allow an authenticated local attacker to compromise your system and gain control over it.

A security issue has been identified that could allow an authenticated local attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Although this vulnerability requires an attacker to be authenticated local, it seems that this issue is critical enough, that Microsoft released another security patch for a non supported operating system. The update may be installed executing the .exe download. A system restart is required. That's what we can read on Microsoft's site…

Inspecting the package

But I've inspected the .exe file and it's content and got puzzled. The files within the package comes with time stamps from 2009 up to 2010. The manifest file says that a TAPI dll shall be updated. And also subfolder update shipped within the patch has a date 06/14/2010. A bit mysterious – but I don't believe, that's an accidental shipped update, because it's only offered from the download link given above.


Advertising

My theory: Microsoft intended to realease an update – but somebody failed to link to the appropriate update package – or something in the download mechanic is broken (could be an explanation of the broken language selection).


Advertising

This entry was posted in Update, Windows and tagged , , , , . Bookmark the permalink.

One Response to Security-Update KB982316 for Windows XP (May 2017)

  1. Chris Chiesa says:

    For what it's worth, I'm here because I just found a file WindowsXP-KB982316-x86-ENU.exe (503,672 bytes), in the "downloads to be looked at" folder on a WinXP laptop of mine, and wanted to know what it was, before just launching it…

    Google search results include a download page at Microsoft that lists this update, but the link ( http://www.microsoft.com/en-us/download/details.aspx?id=18770 ) turns out to be broken.

    I'd say "you can't get it from Microsoft anymore, but I have it if you want it" — but you "don't know me from Adam," so that's probably not useful.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).