And I was looking for something fun to do for the weekend I am firing up the VMs and starting testing Thank you so much for this! Also from a quick look on the readme it seems to me that the bypass esu supressor for 2008 is best left out of the picture and just use the lite version of the dotnetesubypass for vista for the one update that requires it. Personally I have incorporated it into a script that installs the bypass --> installs the dotnet 4.7 update --> removes the bypass in one go. (Obviously I am updating offline with all updates already on my hdd. I use windows update only to check if everything installed properly.) By the way I would love a dotnetesubypass (with unattended switches or similar) in one script file like the kms aio is but I assume that this is not possible for vista right? Maybe because of the powershell 2.0. (my knowledge is limited regarding this) Anyway diving in the VMs for now!
On Vista Ultimate x64 worked like a charm! The scan took a full 35 minutes and the ram peaked at 7.47gb (one could say flew upwards like a Boeing...) Previously it used to peak at 4.75gb for me. I had 8gb of ram allocated on the VM (pagefile deactivated) and it actually throttled down twice. I used the option 3 on wuc patch and it detected 299 important + 84 optional updates. It detected properly the last dotnet cumulative (66.6mb so both 4.7 and 2.0&3.0) and the monthly security update. Before the scan i had applied already 63 updates + dotnet 3.5 + 4.6.2 + IE9. In order to initiate the scan I chose the "check but let me choose" option. So as @abbodi1406 said about the ram.. it is for the best to not to use any. Definitely don't deactivate the pagefile if you have anything less than 8gb of ram.
Just here to confirm, that this still works as of the 19th February 2023. After applying the patch as intended and then the WU_datastore_Fix it worked beautifully for me. It didnt use much resources, only 2GB of RAM while checking and downloading. The first time it checks for updates it takes about 45 minutes to check, but after that it downloads them very fast. After the first time checking for updates it doesnt take nearly as long to check for updates, only about 5 minutes for me. Thank you again for this nice patch!
This is what I get when I run the ps script on Vista Enterprise: Spoiler TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 SSL_CK_RC4_128_WITH_MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA So I guess I have only the week ones. (I wonder if someone is able to make a patch that adds the newer ciphers )
the weak are the ones currently working for Win 7-8.1, but Vista list don't have them (as expected) Code: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 notice SHA256 and SHA384 if someone can check the same on updated Server 2008
Server 2008 SP2 x86, no April updates applied, yet. Code: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 SSL_CK_RC4_128_WITH_MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA Edit: x64 exactly the same. Edit2: April updates don't change anything. WU is toast. Something's off with fe2.update.microsoft.com?
Yes, they cut down NT 6.0 i wonder how the whoever has Server 2008 Premium Assurance is going to receive ESU updates
I had also problems with just browsing the update catalog with firefox that day. Who knows maybe they just manage to mess up something. I will wait and see for the time being. I will keep updating my script regardless.
yes office product are affected if you try office 365 last built or 2021 on windows 8.1 shared image are blank .. early month this work fines ...
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" is now added to the Cipher Suites, which should be working for Vista/Server 2008 (require some update)
The first update is replaced by kb4490514 and in turn replaced by the subsequent monthly rollup. The second update is still current and need also for the IE9