Microsoft Enhanced Mitigation Experience Toolkit

Regarding Vulnerability APSA10-05. Can you tell us if the Microsoft EMET tool (Enhanced Mitigation Experience Toolkit) will protect against this vulnerability if EMET is set up to protect the various .exe files from Adobe (Acrobat, FlashPlayer, etc.)?
This tool seems like it is one of the best ways to protect against Zero Day vulnerabilities in Adobe software, but I am unsure if EMET can protect beyond the Adobe .exe and into the supporting DLLs. Testing your products with EMET would seem to me to be a good idea, and then you could encourage users to use EMET to assist in protecting your software against Zero Day vulnerabilities. You could post that sort of protection information in your advisories.
Thank you for your time.

Please note that this is a user forum; you are not talking with Adobe here.  Adobe staff may or may not note any posts here.

Similar Messages

  • How can I get the Microsoft enhanced Point and Print compatibility driver installed on Win7 LC master?

    We recently migrated from a Windows Server 2003 to Windows Server 2012 print server. When recomposing a linked clone pool with the old 2003 server, drivers were taken care of for the printer when the user printed for the first time after desktop recompose. With 2012, any printer using the Point and Print driver doesn't seem to obtain the driver again from the 2012 server. All of our clients are running Windows 7 which means the Microsoft enhanced Point and Print compatibility driver is not installed in the OS natively.
    I apparently need to figure out a way to get this installed on the host image so it trickles down to snapshots when recomposing the linked clone pool, but I haven't been able to dig up much information on doing this. Does anyone out there have any insight on how to accomplish this? If I recompose a pool now for a user who is using a new Point and Print driver, they get the following message, which is resolved by removing the printer from their account and re-adding it:
    "The 'Microsoft enhanced Point and Print compatibility driver' printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?"
    I figured the easy solution would be to just install a printer using the Point and Print driver and then remove it...leaving the driver behind (unless it cleaned up after itself). The problem with this is in my testing, even after removing and re-adding a printer that set off installation of this Point and Print driver on the client, any other printer that was using it still required the remove/re-add process in order to work, else I got the same message. That tells me that the driver may be custom for each printer installed?
    Color me a little confused. I do NOT like the way that Server 2012 handles printers. I've come across a few other issues as well (such as duplex capabilities not being remembered on the print server for a printer) that I never had with the 2003 server.
    Thanks!!

    I was able to get it to work using your instructions off of here and your other thread
    Thank you!
    Chris
    http://social.technet.microsoft.com/Forums/en-US/864553c2-c8ff-49d2-bd48-eb7b47381111/windows-2012-print-server-problem-with-xp-clients?prof=required

  • Fault messages in target web service (microsoft visual studio) -experience?

    Hi guys!
    We use an async scenario: SAP_R3 (ABAP Proxy) -> XI -> Web Service (SOAP). The target web service is created in Microsoft Visual Studio. The standard scenario works fine. We send data from R3, and the web service processes them. However, we also want to use fault messages in case an exception is raised in the target web service, and let the operator in the sxmb monitor know that there's a problem. These fault messages should be used as acknowledgement. But we have a serious problem with implementing fault messages in the target web service in Visual Studio. Does someone have experience with this?
    Thanks a lot for info!
    Olian

    Hi
    see the below links
    Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
    Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0d7349b6-0901-0010-ddbe-ec43178a61ff
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ee5bc490-0201-0010-e9b5-a258cf083bca
    Troubleshooting SOAP Message - XI - /people/varadharajan.krishnasamy/blog/2007/01/09/troubleshooting-soap-message--xi
    Troubleshooting - RFC and SOAP scenarios-/people/shabarish.vijayakumar/blog/2008/01/08/troubleshooting--rfc-and-soap-scenarios-updated-on-20042009
    Regards
    Chilla

  • Details on Microsoft File Server Migration Toolkit 1.2

    We are planning to move our file server from a Server 2008 cluster (running on an outdated SAN) to a Server 2008 R2 cluster attached to a new SAN.
    The FSMT looks like the best way to accomplish this, but I have a few questions.
    1. The docs don't mention 2008 R2 in any functional descriptions, but the requirements on the download link at http://www.microsoft.com/en-us/download/details.aspx?id=10268 mention 2008 R2. Does this version of the tool work with 2008 R2? If so, are there any restrictions or features that are unavailable?
    2. The existing file servers are old and tend to get slowed down periodically by a combination of heavy use, security software, and automated vulnerability scans. The docs do mention graceful rollback, but is there any mechanism for retrying copies due to slow/dropped connections?
    3. We cannot have a single point of failure, so DFS will have to be clustered. Can the DFS root server run on the same cluster as the source or target file servers? Target would be preferable since we intend to decommission the source cluster. (We are in a restricted environment where adding machines takes a great deal of time.)

    I haven't tried your scenario with FSMT.
    Do you have a DFS Namespace that you use today for the access?
    I'm not certain that FSMT can set up a DFS Consolidation namespace in a Cluster, but it is possible by hand anyway.
    Microsoft KB829885 specifies how to set up a DFS Consolidation namespace in a Windows 2003 Cluster; the process for a single node is the same, so I guess the same is true for cluster setups.
    Oscar Virot

  • Microsoft Security Advisory 2963983

    https://technet.microsoft.com/library/security/2963983
    I called MS today, not sure I had the right department, but the gentleman didn't know what I was referencing. Does anyone know of a site to get up-to-date information on this issue and when MS plans on releasing a patch?
    Also, we're advising everyone to disable the Adobe Flash add-on in Internet Explorer; anything else that we can do to remedy this is greatly valued.
    Thank you,

    Summary:
    For more information on these and other remediation options, please see Security Advisory 2963983. Additional information on this limited, targeted attack can be found on the MSRC blog.
    IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a recent NSS Labs test.
    We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through Enterprise Mode, increased performance, and support for the modern web standards that run today's websites and services.
    On April 26, 2014, Microsoft released a Security Advisory (2963983) to notify customers of a vulnerability in IE. At this time we are aware of limited, targeted attacks. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
    Guidance on suggested mitigations:
    Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential risk. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
    The Enhanced Mitigation Experience Toolkit 4.1 (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer. EMET can also be configured using Group Policy. For more information, see Microsoft Knowledge Base Article 2458544.
    More details:
    Deploy the Enhanced Mitigation Experience Toolkit 4.1
    Pros: Blocks potential exploits of this vulnerability
    Cons: May be incompatible with some web apps
    Enable Enhanced Protected Mode
    Pros: Blocks potential exploits of this vulnerability
    Cons: May be incompatible with some web apps; not available on 32-bit Windows 7
    Businesses who have upgraded to IE11 or IE10 can enable Enhanced Protected Mode (EPM) for additional security protection. On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience. Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already using EPM and may not be susceptible to this and similar attacks.
    Enhanced Protected Mode can be enabled and managed through Group Policy. To manually enable EPM in IE, perform the following steps:
    1. On the IE Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    3. Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    4. Click OK to accept the changes and return to IE.
    5. Restart your system.
    While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps. Also, while EPM is available for 64-bit Windows 7, it is not an option for 32-bit Windows 7 installations.
    Unregister VGX.DLL
    Pros: Relatively simple workaround
    Cons: May not protect against other exploits
    Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML). VML is not natively supported by most web browsers today, so this remediation option may have the least impact on enterprise web app compatibility.
    To unregister VGX.DLL:
    Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    After an update has been released and installed, you can re-register VGX.DLL with: "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions.
    Rob^_^
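
The post above describes two non-EMET workarounds (Enhanced Protected Mode and unregistering VGX.DLL) as manual steps. The script below is an added example, not part of the advisory or of Rob^_^'s post: it audits both settings on the local host and wraps the exact regsvr32 commands quoted above. It assumes (these details are not on the page) that the EPM checkboxes are stored under HKCU:\Software\Microsoft\Internet Explorer\Main as the string value "Isolation" ("PMEM" = EPM on) and the DWORD "Isolation64Bit", and it detects VGX registration by scanning for any CLSID whose InprocServer32 points at vgx.dll, so no CLSID has to be hard-coded.

```powershell
# Added example: audit and toggle the IE workarounds from Security Advisory 2963983.
# Assumptions (not from the page): the "Isolation"/"Isolation64Bit" values under
# HKCU:\Software\Microsoft\Internet Explorer\Main mirror the EPM checkboxes.
# Set-VgxRegistration runs regsvr32 and therefore needs an elevated shell.

$VgxDll = Join-Path $env:CommonProgramFiles 'Microsoft Shared\VGX\vgx.dll'

function Get-EpmState {
    # Reads the per-user EPM switches that the Internet Options dialog sets.
    $main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EpmEnabled      = ($main.Isolation -eq 'PMEM')        # assumed encoding of "Enable Enhanced Protected Mode"
        Epm64BitEnabled = ($main.Isolation64Bit -eq 1)        # assumed encoding of "Enable 64-bit processes for EPM"
        # The advisory text notes EPM is not an option on 32-bit Windows 7.
        Is64BitWindows  = [Environment]::Is64BitOperatingSystem
    }
}

function Get-VgxRegistration {
    # Lists every CLSID whose in-process server is vgx.dll. An empty list means the
    # "Unregister VGX.DLL" workaround is in effect (the file itself stays on disk).
    $hits = foreach ($clsid in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue) {
        $server = Get-ItemProperty -Path (Join-Path $clsid.PSPath 'InprocServer32') -ErrorAction SilentlyContinue
        if ($server -and $server.'(default)' -like '*\vgx.dll') { $clsid.PSChildName }
    }
    [pscustomobject]@{
        DllPresent   = Test-Path -LiteralPath $VgxDll
        RegisteredAs = @($hits)
        Unregistered = (@($hits).Count -eq 0)
    }
}

function Set-VgxRegistration {
    # Runs exactly the regsvr32 invocations quoted in the post:
    #   Unregister -> regsvr32.exe /u /s "...\VGX\vgx.dll"
    #   Register   -> regsvr32.exe /s "...\VGX\vgx.dll"   (after the update is installed)
    param([Parameter(Mandatory)][ValidateSet('Unregister', 'Register')][string]$Action)
    $regsvr = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    $flags  = if ($Action -eq 'Unregister') { '/u /s' } else { '/s' }
    $proc   = Start-Process -FilePath $regsvr -ArgumentList "$flags `"$VgxDll`"" -Wait -PassThru -NoNewWindow
    return $proc.ExitCode   # 0 means regsvr32 succeeded
}

# Report the current state of both workarounds.
Get-EpmState | Format-List
Get-VgxRegistration | Format-List
```

Run the report first; if RegisteredAs is non-empty, Set-VgxRegistration -Unregister from an elevated prompt applies the workaround, and the same function with -Register reverses it once the update is installed, as the post describes. Group Policy settings for EPM take precedence over the HKCU values, so on a managed machine check the policy as well.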

  • Cannot install EMET Notifier 4.1 or 5.0 Tech Preview

    I uninstalled EMET Notifier 3 to try out the new 5.0 tech preview. However, when trying to install I get an error saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor."
    I tried installing 4.1 and get the same error. I am running Windows 8.1 Home Premium and have .Net 4 installed. I have turned on verbose logging; apologies for the massive amount of data, but I didn't want anything to get missed.
    The log file is below. Can anyone suggest what might be going wrong?
    Edit - The log below is pretty heavy reading, but the line that seems to be causing the trouble is:
    CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
    Solution
    The solution is to go into c:\users\"username"\AppData\Local\ then right click on "temp" and choose "properties". Choose "security" --> edit --> add, and add the username you are using, and give yourself all rights.
    I got this information from http://sourceforge.net/p/googlesyncmod/support-requests/225/?page=0
    Many thanks,
    Ian
    === Verbose logging started: 30/04/2014  11:25:31  Build type: SHIP UNICODE 5.00.9600.00  Calling process: C:\WINDOWS\System32\msiexec.exe ===
    MSI (c) (C4:6C) [11:25:31:363]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
    MSI (c) (C4:6C) [11:25:31:364]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
    MSI (c) (C4:04) [11:25:31:373]: Resetting cached policy values
    MSI (c) (C4:04) [11:25:31:373]: Machine policy value 'Debug' is 0
    MSI (c) (C4:04) [11:25:31:373]: ******* RunEngine:
               ******* Product: C:\Users\Ian\Downloads\EMET Setup.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (c) (C4:04) [11:25:31:374]: Machine policy value 'DisableUserInstalls' is 0
    MSI (c) (C4:04) [11:25:31:381]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\Ian\Downloads\EMET Setup.msi' against software restriction policy
    MSI (c) (C4:04) [11:25:31:381]: SOFTWARE RESTRICTION POLICY: C:\Users\Ian\Downloads\EMET Setup.msi has a digital signature
    MSI (c) (C4:04) [11:25:31:427]: SOFTWARE RESTRICTION POLICY: C:\Users\Ian\Downloads\EMET Setup.msi is permitted to run at the 'unrestricted' authorization level.
    MSI (c) (C4:04) [11:25:31:431]: Cloaking enabled.
    MSI (c) (C4:04) [11:25:31:431]: Attempting to enable all disabled privileges before calling Install on Server
    MSI (c) (C4:04) [11:25:31:433]: End dialog not enabled
    MSI (c) (C4:04) [11:25:31:433]: Original package ==> C:\Users\Ian\Downloads\EMET Setup.msi
    MSI (c) (C4:04) [11:25:31:433]: Package we're running from ==> C:\Users\Ian\Downloads\EMET Setup.msi
    MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: Compatibility mode property overrides found.
    MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: looking for appcompat database entry with ProductCode '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'.
    MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: no matching ProductCode found in database.
    MSI (c) (C4:04) [11:25:31:440]: MSCOREE not loaded loading copy from system32
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'TransformsSecure' is 0
    MSI (c) (C4:04) [11:25:31:443]: User policy value 'TransformsAtSource' is 0
    MSI (c) (C4:04) [11:25:31:443]: Note: 1: 2262 2: MsiFileHash 3: -2147287038
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisablePatch' is 0
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'AllowLockdownPatch' is 0
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableMsi' is 0
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'AlwaysInstallElevated' is 0
    MSI (c) (C4:04) [11:25:31:443]: User policy value 'AlwaysInstallElevated' is 0
    MSI (c) (C4:04) [11:25:31:443]: Running product '{65BC2BDA-D828-4596-99E4-A8799C45C84C}' with user privileges: It's not assigned.
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableLUAPatching' is 0
    MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableFlyWeightPatching' is 0
    MSI (c) (C4:04) [11:25:31:443]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
    MSI (c) (C4:04) [11:25:31:444]: APPCOMPAT: looking for appcompat database entry with ProductCode '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'.
    MSI (c) (C4:04) [11:25:31:444]: APPCOMPAT: no matching ProductCode found in database.
    MSI (c) (C4:04) [11:25:31:444]: Transforms are not secure.
    MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Ian\AppData\Local\Temp\MSIc9f55.LOG'.
    MSI (c) (C4:04) [11:25:31:444]: Command Line: CURRENTDIRECTORY=C:\Users\Ian\Downloads CLIENTUILEVEL=0 CLIENTPROCESSID=4548
    MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{69FDEBF8-3A1D-4011-AAB7-980DF90F569B}'.
    MSI (c) (C4:04) [11:25:31:444]: Product Code passed to Engine.Initialize:           ''
    MSI (c) (C4:04) [11:25:31:444]: Product Code from property table before transforms: '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'
    MSI (c) (C4:04) [11:25:31:444]: Product Code from property table after transforms:  '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'
    MSI (c) (C4:04) [11:25:31:444]: Product not registered: beginning first-time install
    MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '2'. Its new value: '1'.
    MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
    MSI (c) (C4:04) [11:25:31:444]: Entering CMsiConfigurationManager::SetLastUsedSource.
    MSI (c) (C4:04) [11:25:31:444]: User policy value 'SearchOrder' is 'nmu'
    MSI (c) (C4:04) [11:25:31:444]: Adding new sources is allowed.
    MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
    MSI (c) (C4:04) [11:25:31:444]: Package name extracted from package path: 'EMET Setup.msi'
    MSI (c) (C4:04) [11:25:31:444]: Package to be registered: 'EMET Setup.msi'
    MSI (c) (C4:04) [11:25:31:444]: Note: 1: 2262 2: Error 3: -2147287038
    MSI (c) (C4:04) [11:25:31:445]: Note: 1: 2262 2: AdminProperties 3: -2147287038
    MSI (c) (C4:04) [11:25:31:445]: Machine policy value 'AlwaysInstallElevated' is 0
    MSI (c) (C4:04) [11:25:31:445]: User policy value 'AlwaysInstallElevated' is 0
    MSI (c) (C4:04) [11:25:31:445]: Running product '{65BC2BDA-D828-4596-99E4-A8799C45C84C}' with user privileges: It's not assigned.
    MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\Ian\Downloads'.
    MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
    MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4548'.
    MSI (c) (C4:04) [11:25:31:445]: TRANSFORMS property is now:
    MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
    MSI (c) (C4:04) [11:25:31:445]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Favorites
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Documents
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Recent
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\SendTo
    MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Templates
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Local
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Pictures
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu
    MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Desktop
    MSI (c) (C4:04) [11:25:31:449]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
    MSI (c) (C4:04) [11:25:31:449]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
    MSI (c) (C4:04) [11:25:31:450]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
    MSI (c) (C4:04) [11:25:31:455]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
    MSI (c) (C4:04) [11:25:31:455]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Ian'.
    MSI (c) (C4:04) [11:25:31:455]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Users\Ian\Downloads\EMET Setup.msi'.
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\Ian\Downloads\EMET Setup.msi'.
    MSI (c) (C4:04) [11:25:31:455]: Machine policy value 'MsiDisableEmbeddedUI' is 0
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'C:\Users\Ian\Downloads\'.
    MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'C:\Users\Ian\Downloads\'.
    MSI (c) (C4:6C) [11:25:31:456]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
    === Logging started: 30/04/2014  11:25:31 ===
    MSI (c) (C4:04) [11:25:31:459]: Note: 1: 2262 2: PatchPackage 3: -2147287038
    MSI (c) (C4:04) [11:25:31:459]: Machine policy value 'DisableRollback' is 0
    MSI (c) (C4:04) [11:25:31:459]: User policy value 'DisableRollback' is 0
    MSI (c) (C4:04) [11:25:31:459]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
    MSI (c) (C4:04) [11:25:31:459]: Note: 1: 2262 2: Font 3: -2147287038
    MSI (c) (C4:04) [11:25:31:460]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038
    MSI (c) (C4:04) [11:25:31:460]: Note: 1: 2262 2: LaunchCondition 3: -2147287038
    MSI (c) (C4:04) [11:25:31:460]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
    MSI (c) (C4:04) [11:25:31:461]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
    MSI (c) (C4:04) [11:25:31:461]: Doing action: INSTALL
    MSI (c) (C4:04) [11:25:31:461]: Note: 1: 2262 2: ActionText 3: -2147287038
    Action 11:25:31: INSTALL.
    Action start 11:25:31: INSTALL.
    MSI (c) (C4:04) [11:25:31:461]: UI Sequence table 'InstallUISequence' is present and populated.
    MSI (c) (C4:04) [11:25:31:461]: Running UISequence
    MSI (c) (C4:04) [11:25:31:461]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
    MSI (c) (C4:04) [11:25:31:461]: Doing action: DIRCA_CheckFX
    Action 11:25:31: DIRCA_CheckFX.
    Action start 11:25:31: DIRCA_CheckFX.
    MSI (c) (C4:04) [11:25:31:462]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'DIRCA_CheckFX'
    MSI (c) (C4:04) [11:25:31:463]: Creating MSIHANDLE (1) of type 790542 for thread 772
    MSI (c) (C4:04) [11:25:31:463]: Invoking remote custom action. DLL: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp, Entrypoint: CheckFX
    MSI (c) (C4:9C) [11:25:31:464]: Cloaking enabled.
    MSI (c) (C4:9C) [11:25:31:464]: Attempting to enable all disabled privileges before calling Install on Server
    MSI (c) (C4:9C) [11:25:31:464]: Connected to service for CA interface.
    CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (c) (C4:04) [11:25:31:491]: Closing MSIHANDLE (1) of type 790542 for thread 772
    MSI (c) (C4:04) [11:25:31:492]: Note: 1: 1723 2: DIRCA_CheckFX 3: CheckFX 4: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
    MSI (c) (C4:04) [11:25:31:492]: Note: 1: 2262 2: Error 3: -2147287038
    MSI (c) (C4:6C) [11:25:31:493]: Note: 1: 2262 2: Error 3: -2147287038
    Info 2898.For VSI_MS_Sans_Serif13.0_0_0 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 13 pixels height.
    MSI (c) (C4:6C) [11:25:31:494]: Note: 1: 2262 2: Error 3: -2147287038
    DEBUG: Error 2835:  The control ErrorIcon was not found on dialog ErrorDialog
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon, ErrorDialog,
    Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action DIRCA_CheckFX, entry: CheckFX, library: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
    MSI (c) (C4:04) [11:25:32:678]: Note: 1: 2262 2: Error 3: -2147287038
    MSI (c) (C4:04) [11:25:32:678]: Product: EMET 4.1 -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action DIRCA_CheckFX, entry: CheckFX, library: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
    Action ended 11:25:32: DIRCA_CheckFX. Return value 3.
    MSI (c) (C4:04) [11:25:32:679]: Doing action: FatalErrorForm
    Action 11:25:32: FatalErrorForm.
    Action start 11:25:32: FatalErrorForm.
    MSI (c) (C4:04) [11:25:32:680]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'FatalErrorForm'
    MSI (c) (C4:6C) [11:25:32:681]: Note: 1: 2262 2: Error 3: -2147287038
    DEBUG: Error 2826:  Control Line1 on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, Line1, to the right
    MSI (c) (C4:6C) [11:25:32:681]: Note: 1: 2262 2: Error 3: -2147287038
    DEBUG: Error 2826:  Control Line2 on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, Line2, to the right
    MSI (c) (C4:6C) [11:25:32:682]: Note: 1: 2262 2: Error 3: -2147287038
    DEBUG: Error 2826:  Control BannerBmp on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, BannerBmp, to the right
    MSI (c) (C4:6C) [11:25:32:687]: Note: 1: 2262 2: Error 3: -2147287038
    Info 2898.For VsdDefaultUIFont.524F4245_5254_5341_4C45_534153783400 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 13 pixels height.
    MSI (c) (C4:6C) [11:25:32:687]: Note: 1: 2262 2: Error 3: -2147287038
    Info 2898.For VSI_MS_Sans_Serif16.0_1_0 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 20 pixels height.
    Action 11:25:32: FatalErrorForm. Dialog created
    MSI (c) (C4:08) [11:25:32:691]: Note: 1: 2731 2: 0
    Action ended 11:25:35: FatalErrorForm. Return value 1.
    Action ended 11:25:35: INSTALL. Return value 3.
    MSI (c) (C4:04) [11:25:35:322]: Destroying RemoteAPI object.
    MSI (c) (C4:9C) [11:25:35:324]: Custom Action Manager thread ending.
    Property(C): UpgradeCode = {D12F7559-47B0-4D52-B302-737539A86620}
    Property(C): WindowsFolder = C:\WINDOWS\
    Property(C): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
    Property(C): DesktopFolder = C:\Users\Public\Desktop\
    Property(C): SystemFolder = C:\WINDOWS\SysWOW64\
    Property(C): SourceDir = C:\Users\Ian\Downloads\
    Property(C): VSDFrameworkVersion = v4.0
    Property(C): VSDAllowLaterFrameworkVersions = False
    Property(C): ProductName = EMET 4.1
    Property(C): ProductCode = {65BC2BDA-D828-4596-99E4-A8799C45C84C}
    Property(C): ProductVersion = 4.1
    Property(C): Manufacturer = Microsoft Corporation
    Property(C): ARPHELPLINK = http://social.technet.microsoft.com/Forums/en/emet/threads
    Property(C): ARPCONTACT = Microsoft Corporation
    Property(C): ARPCOMMENTS = Enhanced Mitigation Experience Toolkit 4.1
    Property(C): ARPURLINFOABOUT = http://www.microsoft.com/emet
    Property(C): ProductLanguage = 1033
    Property(C): ALLUSERS = 1
    Property(C): ARPPRODUCTICON = _6FEFF9B68218417F98F549.exe
    Property(C): SecureCustomProperties = PREVIOUSVERSIONSINSTALLED;NEWERPRODUCTFOUND
    Property(C): RedirectedDllSupport = 2
    Property(C): VersionNT = 603
    Property(C): VSDNETURLMSG = This setup requires the .NET Framework version [1].  Please install the .NET Framework and run this setup again.  The .NET Framework can be obtained from the web.  Would you like to do this now?
    Property(C): VSDIISMSG = This setup requires Internet Information Server 5.1 or higher and Windows XP or higher.  This setup cannot be installed on Windows 2000.  Please install Internet Information Server or a newer operating system and run this setup again.
    Property(C): VSDUIANDADVERTISED = This advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic.
    Property(C): VSDNETMSG = This setup requires the .NET Framework version [1].  Please install the .NET Framework and run this setup again.
    Property(C): VSDINVALIDURLMSG = The specified path '[2]' is unavailable. The Internet Information Server might not be running or the path exists and is redirected to another machine. Please check the status of this virtual directory in the Internet Services Manager.
    Property(C): VSDVERSIONMSG = Unable to install because a newer version of this product is already installed.
    Property(C): AdminMaintenanceForm_Action = Repair
    Property(C): EulaForm_Property = No
    Property(C): FolderForm_AllUsers = ME
    Property(C): FolderForm_AllUsersVisible = 0
    Property(C): ErrorDialog = ErrorDialog
    Property(C): SFF_UpFldrBtn = UpFldrBtn
    Property(C): SFF_NewFldrBtn = NewFldrBtn
    Property(C): MaintenanceForm_Action = Repair
    Property(C): DefaultUIFont = VsdDefaultUIFont.524F4245_5254_5341_4C45_534153783400
    Property(C): AdminEulaForm_Property = No
    Property(C): WelcomeForm_NextArgs = FolderForm
    Property(C): FolderForm_PrevArgs = WelcomeForm
    Property(C): FolderForm_NextArgs = EulaForm
    Property(C): EulaForm_PrevArgs = FolderForm
    Property(C): EulaForm_NextArgs = ConfirmInstallForm
    Property(C): ConfirmInstallForm_PrevArgs = EulaForm
    Property(C): AdminWelcomeForm_NextArgs = AdminFolderForm
    Property(C): AdminFolderForm_PrevArgs = AdminWelcomeForm
    Property(C): AdminFolderForm_NextArgs = AdminEulaForm
    Property(C): AdminEulaForm_PrevArgs = AdminFolderForm
    Property(C): AdminEulaForm_NextArgs = AdminConfirmInstallForm
    Property(C): AdminConfirmInstallForm_PrevArgs = AdminEulaForm
    Property(C): LAUNCHAPP = 1
    Property(C): MsiLogFileLocation = C:\Users\Ian\AppData\Local\Temp\MSIc9f55.LOG
    Property(C): PackageCode = {69FDEBF8-3A1D-4011-AAB7-980DF90F569B}
    Property(C): ProductState = -1
    Property(C): PackagecodeChanging = 1
    Property(C): CURRENTDIRECTORY = C:\Users\Ian\Downloads
    Property(C): CLIENTUILEVEL = 0
    Property(C): CLIENTPROCESSID = 4548
    Property(C): VersionDatabase = 200
    Property(C): VersionMsi = 5.00
    Property(C): VersionNT64 = 603
    Property(C): WindowsBuild = 9600
    Property(C): ServicePackLevel = 0
    Property(C): ServicePackLevelMinor = 0
    Property(C): MsiNTProductType = 1
    Property(C): MsiNTSuitePersonal = 1
    Property(C): WindowsVolume = C:\
    Property(C): System64Folder = C:\WINDOWS\system32\
    Property(C): RemoteAdminTS = 1
    Property(C): TempFolder = C:\Users\Ian\AppData\Local\Temp\
    Property(C): ProgramFilesFolder = C:\Program Files (x86)\
    Property(C): CommonFilesFolder = C:\Program Files (x86)\Common Files\
    Property(C): ProgramFiles64Folder = C:\Program Files\
    Property(C): CommonFiles64Folder = C:\Program Files\Common Files\
    Property(C): AppDataFolder = C:\Users\Ian\AppData\Roaming\
    Property(C): FavoritesFolder = C:\Users\Ian\Favorites\
    Property(C): NetHoodFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
    Property(C): PersonalFolder = C:\Users\Ian\Documents\
    Property(C): PrintHoodFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
    Property(C): RecentFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Recent\
    Property(C): SendToFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\SendTo\
    Property(C): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
    Property(C): CommonAppDataFolder = C:\ProgramData\
    Property(C): LocalAppDataFolder = C:\Users\Ian\AppData\Local\
    Property(C): MyPicturesFolder = C:\Users\Ian\Pictures\
    Property(C): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
    Property(C): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Property(C): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
    Property(C): FontsFolder = C:\WINDOWS\Fonts\
    Property(C): GPTSupport = 1
    Property(C): OLEAdvtSupport = 1
    Property(C): ShellAdvtSupport = 1
    Property(C): MsiAMD64 = 6
    Property(C): Msix64 = 6
    Property(C): Intel = 6
    Property(C): PhysicalMemory = 8052
    Property(C): VirtualMemory = 5796
    Property(C): LogonUser = Ian
    Property(C): UserSID = S-1-5-21-48452953-3679128683-2660926274-1002
    Property(C): UserLanguageID = 2057
    Property(C): ComputerName = CYRIXINSTEAD
    Property(C): SystemLanguageID = 2057
    Property(C): ScreenX = 1920
    Property(C): ScreenY = 1080
    Property(C): CaptionHeight = 23
    Property(C): BorderTop = 1
    Property(C): BorderSide = 1
    Property(C): TextHeight = 16
    Property(C): TextInternalLeading = 3
    Property(C): ColorBits = 32
    Property(C): TTCSupport = 1
    Property(C): Time = 11:25:35
    Property(C): Date = 30/04/2014
    Property(C): MsiNetAssemblySupport = 4.0.30319.33440
    Property(C): MsiWin32AssemblySupport = 6.3.9600.16384
    Property(C): AdminUser = 1
    Property(C): Privileged = 1
    Property(C): USERNAME = Ian
    Property(C): DATABASE = C:\Users\Ian\Downloads\EMET Setup.msi
    Property(C): OriginalDatabase = C:\Users\Ian\Downloads\EMET Setup.msi
    Property(C): SOURCEDIR = C:\Users\Ian\Downloads\
    Property(C): VersionHandler = 5.00
    Property(C): UILevel = 5
    Property(C): ACTION = INSTALL
    Property(C): EXECUTEACTION = INSTALL
    === Logging stopped: 30/04/2014  11:25:35 ===
    MSI (c) (C4:04) [11:25:35:331]: Windows Installer installed the product. Product Name: EMET 4.1. Product Version: 4.1. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
    MSI (c) (C4:04) [11:25:35:333]: Grabbed execution mutex.
    MSI (c) (C4:04) [11:25:35:333]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (C4:04) [11:25:35:334]: MainEngineThread is returning 1603
    === Verbose logging stopped: 30/04/2014  11:25:35 ===

    I uninstalled EMET notifier 3 to try out the new 5.0 tech preview. However, when trying to install I get an error saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor."
    I tried installing 4.1 and get the same error. I am running Windows 8.1 Home Premium and have .Net 4 installed. I have turned on verbose logging, apologies for the massive amount of data but I didn't want anything to get missed.
    The log file is below. Can anyone suggest what might be going wrong?
    Many thanks,
    Ian
    I am having exactly the same problem. But I also can't even uninstall EMET 3.0 or EMET 4.0, both of which I have installed on my machine. I get the same error message when I try to uninstall them!! I need to uninstall them so that I can install EMET 4.1 or EMET 5.0.
    I have been trying to do this for more than a month but without any luck. So any help will be much appreciated.
    Thanks,
    Mohamed
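For reading a verbose MSI log like the one Ian posted, here is an added Python example (mine, not from the thread or from Microsoft) that pulls out what a triage usually needs first: the Property(C) dump, the closing "Installation success or error status" value, and any action that ended with "Return value 3", which in MSI logging marks the action that actually failed. The log text inside the block is constructed in the same shape as the posted log; the "Error 1723" line and the InstallFinalize action are my own sample values, not taken from Ian's log.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the verbose log posted above: a failing
# action line, the Property(C) dump, and the closing status lines. The
# "Error 1723" line and the InstallFinalize action are sample values.
SAMPLE_LOG = """\
MSI (s) (A0:B4) [11:25:34:990]: Executing op: ActionStart(Name=InstallFinalize,,)
MSI (s) (A0:B4) [11:25:35:100]: Product: EMET 4.1 -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run.
Action ended 11:25:35: InstallFinalize. Return value 3.
Property(C): ProductName = EMET 4.1
Property(C): ProductVersion = 4.1
Property(C): VersionNT = 603
Property(C): MsiNetAssemblySupport = 4.0.30319.33440
=== Logging stopped: 30/04/2014  11:25:35 ===
MSI (c) (C4:04) [11:25:35:331]: Windows Installer installed the product. Product Name: EMET 4.1. Product Version: 4.1. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
MSI (c) (C4:04) [11:25:35:334]: MainEngineThread is returning 1603
"""

PROP_RE = re.compile(r"^Property\(C\): (\S+) = (.*)$")
ACTION_END_RE = re.compile(r"^Action ended \d+:\d+:\d+: (\S+)\. Return value (\d+)\.")
STATUS_RE = re.compile(r"Installation success or error status: (\d+)\.")


def parse_msi_log(text: str) -> Dict[str, object]:
    """Collect client-side properties, actions that failed (return value 3) and the final status."""
    props: Dict[str, str] = {}
    failed: List[str] = []
    status: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
            continue
        m = ACTION_END_RE.match(line)
        if m and m.group(2) == "3":      # return value 3 = the action failed (1 = success)
            failed.append(m.group(1))
            continue
        m = STATUS_RE.search(line)
        if m:
            status = int(m.group(1))
    return {"properties": props, "failed_actions": failed, "status": status}


def summarize(parsed: Dict[str, object]) -> Dict[str, object]:
    """Reduce the parse to the handful of facts a forum reader asks for first."""
    props = parsed["properties"]
    return {
        "product": f"{props.get('ProductName')} (version {props.get('ProductVersion')})",
        "windows_nt_version": props.get("VersionNT"),          # 603 = Windows 8.1 / Server 2012 R2
        "dotnet_runtime": props.get("MsiNetAssemblySupport"),  # the CLR version Windows Installer sees
        "status": parsed["status"],                            # 0 = success, 1603 = fatal error
        "failed_actions": parsed["failed_actions"],
        "succeeded": parsed["status"] == 0,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_msi_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On a real log, run it over the whole file rather than the tail: the "Return value 3" line sits well before the closing status lines, and the action name it names (plus the few lines above it) is where the cause of the 1603 is recorded.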

  • Validating digital signatures successful on Win7 but fails on Vista/XP/W2K3

    Microsoft has announced (Security Advisory 2880823: Recommendation to discontinue use of SHA-1) that they will stop recognizing the validity of SHA-1 based certificates after 2016. Microsoft started to sign their files with digital signatures which use the stronger SHA-2 hashing algorithm. For the countersignatures (Time Stamping Authenticode Signatures) they also use SHA-256. These certificates can be validated fine on Windows 7/8 but can't be validated on Windows Vista, Windows XP and Windows Server 2003 R2. The status of the certificates in the Certification Path is OK, but on the older operating systems the countersignature seems to be missing... See the forum thread EMET 4.1 Update 1: 'The digital signature of the object did not verify.' on Vista/XP in the Enhanced Mitigation Experience Toolkit (EMET) Support Forum for several screenshots.
    Can someone explain this behavior and maybe provide a solution?
    W. Spu

    Hi,
    It looks like it is related to this:
    https://technet.microsoft.com/library/security/2749655
    This issue might be caused by a missing timestamp Enhanced Key Usage (EKU) extension during certificate generation and signing of Microsoft core components and software.
    Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability to properly install and uninstall affected Microsoft components and security updates.
    So have you applied this update on XP\Vista\Server 2003?
    http://support.microsoft.com/kb/2749655
    This update will help to ensure the continued functionality of all software that was signed with a specific certificate that did not use a timestamp Enhanced Key Usage (EKU) extension. To extend their functionality, WinVerifyTrust will ignore the lack of a timestamp EKU for these specific X.509 signatures.
    Yolanda Zhu
    TechNet Community Support
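To find out which digest algorithms a file's Authenticode signature actually carries (the property that decides whether the older WinVerifyTrust on XP/Vista/2003 can validate it), here is an added Python example, not from the thread or from Microsoft. It locates the PE security directory, takes the PKCS#7 blob out of it, and reports which digest OIDs (SHA-1, SHA-256) appear anywhere in the blob, including inside timestamp countersignatures. It is a coarse presence check for inventory purposes, not a signature verification. The sample PE image and the AlgorithmIdentifier blob it carries are constructed inside the block so it runs offline; `build_sample_pe` is my own helper, not a real signed binary.

```python
import struct

# DER encodings (tag 0x06, length, body) of the two digest OIDs the thread is about.
DIGEST_OIDS = {
    bytes.fromhex("06052b0e03021a"): "sha1",            # 1.3.14.3.2.26
    bytes.fromhex("0609608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
}


def authenticode_blob(pe: bytes) -> bytes:
    """Return the PKCS#7 SignedData bytes from the PE security directory (empty if unsigned)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                                  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dir_base = opt + (96 if magic == 0x10B else 112)     # data directories: PE32 at +96, PE32+ at +112
    sec_off, sec_size = struct.unpack_from("<II", pe, dir_base + 4 * 8)  # entry 4 = security
    if sec_size == 0:
        return b""
    # The security directory holds a file offset (not an RVA) to a WIN_CERTIFICATE:
    # dwLength, wRevision, wCertificateType, then bCertificate (the PKCS#7 blob).
    length, _revision, _cert_type = struct.unpack_from("<IHH", pe, sec_off)
    return pe[sec_off + 8:sec_off + length]


def digest_algorithms(blob: bytes) -> set:
    """Digest OIDs present anywhere in the blob: primary signature, nested signatures and timestamps alike."""
    return {name for oid, name in DIGEST_OIDS.items() if oid in blob}


def signature_digests(pe: bytes) -> set:
    return digest_algorithms(authenticode_blob(pe))


def sha2_only(digests: set) -> bool:
    """True for the case the thread describes: SHA-2 digests with no SHA-1 fallback at all."""
    return "sha256" in digests and "sha1" not in digests


def build_sample_pe(cert_blob: bytes) -> bytes:
    """Constructed minimal PE32+ image: just enough header to carry a security directory."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after the DOS header
    opt_size = 112 + 16 * 8                              # PE32+ optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                # PE32+ magic
    headers_len = 64 + 4 + 20 + opt_size
    win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
    struct.pack_into("<II", opt, 112 + 4 * 8, headers_len, len(win_cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + win_cert


# Constructed stand-in for a signature: a DER AlgorithmIdentifier SEQUENCE { sha256 OID, NULL },
# not a real PKCS#7 structure.
SAMPLE_BLOB = b"\x30\x0d" + bytes.fromhex("0609608648016503040201") + b"\x05\x00"

if __name__ == "__main__":
    sample = build_sample_pe(SAMPLE_BLOB)
    found = signature_digests(sample)
    print("digests present:", sorted(found), "| SHA-2 only:", sha2_only(found))
```

On a real file, read it with `open(path, "rb").read()` and pass it to `signature_digests`; a result of `{"sha256"}` with no `"sha1"` is the shape of signature the thread reports as failing to verify on Vista/XP/2003 R2.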

  • Is EMET Config XML the same as the GPO of EMET?

    Hi,
    I deployed EMET to our environment and used GPO to deploy the settings.  I can see that the GPOs are applied and are protecting the computer by going to the registry of the computer, e.g. regedit --> HKLM --> Software --> Policies --> Microsoft --> EMET.
    Then I read on the link below that I have to import the XML, but the XML looks quite similar to what was set in the GPO.  My question is, do I still need to import the XML file if I am already implementing it via GPO?
    If that is the case, then if I implement the XML and something goes wrong, I could not manage it globally, unlike with the GPO.
    http://blogs.technet.com/b/configmgrteam/archive/2012/05/15/deploying-and-configuring-the-enhanced-mitigation-experience-toolkit.aspx
    On the other hand, what I noticed is that with the GPO enabled, I don't see a list of programs being protected under "Configure Apps".  Instead I see what is being protected by going to regedit --> HKLM --> Software --> Policies --> Microsoft --> EMET.
    Am I configuring it correctly or do I need to do both?

    Starting with EMET 5.0, EMET installs a service which imports group policy.
    http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx - "We have added a new service, called EMET Service, which is taking in charge many duties that EMET Agent used to do in previous versions. The EMET Service, among other things, takes care of evaluating the Certificate Trust rules, appropriately dispatching EMET Agents in every user’s instance, and automatically applying Group Policy settings pushed through the network. Also, a service offers more resiliency and better ability to being monitored."
    EMET does not currently have the ability to show the group policy application settings in the GUI.  You can use the command line to see group policy settings however: emet_conf --list.  Microsoft has indicated they are planning on adding that feature to the GUI in future versions:
    https://connect.microsoft.com/emet/Feedback/Details/905794.
    You do not need to apply both the group policy and the local xml settings, just one or the other.  You can also verify that the group policy settings are applied by looking in the GUI at the list of running applications and noting the green check mark circle next to the ones that are configured for EMET.

  • EMET 5.0 - explorer.exe - INVALID_POINTER_WRITE_EXPLOITABLE

    [v] Deep Hooks
    [v] Anti Detour
    [v] Banned Function
    [x] Stop on exploit
    All options for explorer.exe checked
    => Crash
    WinDbg as the postmortem debugger:
    0:024> !analyze -v
    * Exception Analysis *
    FAULTING_IP:
    EMET64!EMETSendCert+2442
    000007fe`f2704ece 48832300 and qword ptr [rbx],0
    EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 000007fef2704ece (EMET64!EMETSendCert+0x0000000000002442)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000001
    Parameter[1]: 0000000000120800
    Attempt to write to address 0000000000120800
    CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
    rax=00000000003a7c70 rbx=0000000000120800 rcx=0000000000000038
    rdx=00000000aa1a1088 rsi=00000000001220b4 rdi=00000000003a7c70
    rip=000007fef2704ece rsp=000000000736e940 rbp=000000000736eab0
    r8=000000000736e8f8 r9=000000000736eab0 r10=0000000000000000
    r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
    r14=0000000000000033 r15=0000000000000000
    iopl=0 nv up ei pl nz na po nc
    cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
    EMET64!EMETSendCert+0x2442:
    000007fe`f2704ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000004a90000
    FAULTING_THREAD: 0000000000000b74
    PROCESS_NAME: Explorer.EXE
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1: 0000000000000001
    EXCEPTION_PARAMETER2: 0000000000120800
    WRITE_ADDRESS: 0000000000120800
    FOLLOWUP_IP:
    EMET64!EMETSendCert+2442
    000007fe`f2704ece 48832300 and qword ptr [rbx],0
    NTGLOBALFLAG: 400
    APPLICATION_VERIFIER_FLAGS: 0
    APP: explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE
    PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE_EXPLOITABLE
    DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE
    LAST_CONTROL_TRANSFER: from 000007fef2705215 to 000007fef2704ece
    STACK_TEXT:
    00000000`0736e940 000007fe`f2705215 : 00000000`0736eb00 00000000`00000010 00000000`00000010 00000000`00010000 : EMET64!EMETSendCert+0x2442
    00000000`0736e9a0 000007fe`f2703871 : 00000000`00300002 00000000`aa1a1088 00000000`c00b0007 00000000`000000c9 : EMET64!EMETSendCert+0x2789
    00000000`0736ea30 000007fe`f26fa004 : 00000000`00000000 00000000`00000000 00000000`04a90000 000007ff`fff9c000 : EMET64!EMETSendCert+0xde5
    00000000`0736eae0 000007fe`fd46403e : ffffffff`ffffffff 00000000`04a90000 00000000`00000001 00000000`02dd7790 : EMET64!GetHookAPIs+0x4c0
    00000000`0736ebf0 00000000`770e2edf : 00000000`04a90002 00000000`00000000 00000000`00000022 00000000`0736ecfa : KERNELBASE!FreeLibrary+0xa4
    00000000`0736ec20 000007fe`fea17414 : 00000000`08c808c8 00000000`04c1fbf0 00000000`02080052 00000000`0736f4a0 : USER32!PrivateExtractIconsW+0x34b
    00000000`0736f140 000007fe`fea233a9 : 00000000`00331dec 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHPrivateExtractIcons+0x393
    00000000`0736f410 000007fe`fe8d2a8c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHDefExtractIconW+0x157
    00000000`0736f700 000007fe`fe8d28a8 : 00000000`003e3d60 000007fe`fd4d44e7 00000000`0641c4d0 00000000`003e3d60 : SHELL32!CIconCache::ExtractIconW+0x1d8
    00000000`0736f7a0 000007fe`fbb19570 : 00000000`003e3d60 00000000`00000001 00000000`003e3d60 00000000`000000d8 : SHELL32!CSparseCallback::ForceImagePresent+0x48
    00000000`0736f810 000007fe`fbb1968e : 00000000`0736f900 000007fe`fbb1d7de 00000000`003e3d60 00000000`00000001 : comctl32!CSparseImageList::_Callback_ForceImagePresent+0x74
    00000000`0736f860 000007fe`fbb1b14f : 00000000`00000001 00000000`00000000 00000000`000000d8 00000000`06402c30 : comctl32!CSparseImageList::_Virt2Real+0xc6
    00000000`0736f890 000007fe`fe9db1cc : 00000000`064059b0 00000000`04e031a0 00000000`064059b0 00000000`0643b6c0 : comctl32!CSparseImageList::ForceImagePresent+0x57
    00000000`0736f8d0 000007fe`fe8dc54c : 00000000`0641e660 00000000`06402c30 00000000`00000000 00000000`00000000 : SHELL32!CLoadSystemIconTask::InternalResumeRT+0x164
    00000000`0736f960 000007fe`fe90efcb : 80000000`01000000 00000000`0736f9f0 00000000`0641e660 00000000`0000000a : SHELL32!CRunnableTask::Run+0xda
    00000000`0736f990 000007fe`fe912b56 : 00000000`0641e660 00000000`00000000 00000000`0641e660 00000000`00000002 : SHELL32!CShellTask::TT_Run+0x124
    00000000`0736f9c0 000007fe`fe912cb2 : 00000000`04f7c8f0 00000000`04f7c8f0 00000000`00000000 00000000`003e1a28 : SHELL32!CShellTaskThread::ThreadProc+0x1d2
    00000000`0736fa60 000007fe`fd4d3843 : 000007ff`fff9c000 00000000`02e9a890 00000000`02df0d70 00000000`003e1a28 : SHELL32!CShellTaskThread::s_ThreadProc+0x22
    00000000`0736fa90 00000000`773115db : 00000000`04e805e0 00000000`04e805e0 00000000`00000001 00000000`00000006 : SHLWAPI!ExecuteWorkItemThreadProc+0xf
    00000000`0736fac0 00000000`77310c56 : 00000000`00000000 00000000`04f7c910 00000000`02df0d70 00000000`02e9fef8 : ntdll!RtlpTpWorkCallback+0x16b
    00000000`0736fba0 00000000`771e59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
    00000000`0736fea0 00000000`7731c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0736fed0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    STACK_COMMAND: .cxr 0x0 ; kb
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: emet64!EMETSendCert+2442
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EMET64
    IMAGE_NAME: EMET64.dll
    DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
    FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE_c0000005_EMET64.dll!EMETSendCert
    BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE_emet64!EMETSendCert+2442
    ANALYSIS_SOURCE: UM
    FAILURE_ID_HASH_STRING: um:invalid_pointer_write_exploitable_c0000005_emet64.dll!emetsendcert
    FAILURE_ID_HASH: {f7d2108f-d68f-6bd5-d4b8-073af5241c2e}
    Followup: MachineOwner
    0:024> lm vm EMET64
    start end module name
    000007fe`f26d0000 000007fe`f279f000 EMET64 (export symbols) C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Loaded symbol image file: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Image path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Image name: EMET64.dll
    Timestamp: Thu Jul 31 05:42:25 2014 (53D99F01)
    CheckSum: 000CE0A3
    ImageSize: 000CF000
    File version: 5.0.0.0
    Product version: 5.0.0.0
    File flags: 0 (Mask 0)
    File OS: 40004 NT Win32
    File type: 2.0 Dll
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Enhanced Mitigation Experience Toolkit
    ProductVersion: 5.0.0.0
    FileVersion: 5.0.0.0
    FileDescription: EMET SHIM
    LegalCopyright: © Microsoft Corporation. All rights reserved.
    0:024> lm vm explorer
    start end module name
    00000000`ff220000 00000000`ff4e0000 Explorer (pdb symbols) x:\symbols\explorer.pdb\A1D0A380BD3C489DB80F0E8273C9719A2\explorer.pdb
    Loaded symbol image file: C:\Windows\Explorer.EXE
    Image path: C:\Windows\Explorer.EXE
    Image name: Explorer.EXE
    Timestamp: Fri Feb 25 08:24:04 2011 (4D672EE4)
    CheckSum: 002C8AF6
    ImageSize: 002C0000
    File version: 6.1.7601.17567
    Product version: 6.1.7601.17567
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: explorer
    OriginalFilename: EXPLORER.EXE
    ProductVersion: 6.1.7601.17567
    FileVersion: 6.1.7601.17567 (win7sp1_gdr.110224-1502)
    FileDescription: Windows Explorer
    LegalCopyright: © Microsoft Corporation. All rights reserved.
    0:024> vertarget
    Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    kernel32.dll version: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
    Debug session time: Tue Sep 2 14:36:19.923 2014 (UTC + 4:00)
    System Uptime: 0 days 0:15:08.322
    Process Uptime: 0 days 0:13:53.826
    Kernel time: 0 days 0:00:03.385
    User time: 0 days 0:00:04.290

    Again:
    FAULTING_IP:
    EMET64!EMETSendCert+2442
    000007fe`f3604ece 48832300 and qword ptr [rbx],0
    EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 000007fef3604ece (EMET64!EMETSendCert+0x0000000000002442)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000001
    Parameter[1]: 0000000000120800
    Attempt to write to address 0000000000120800
    CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
    rax=0000000000427c70 rbx=0000000000120800 rcx=0000000000000021
    rdx=0000000064efbd5f rsi=00000000001220b4 rdi=0000000000427c70
    rip=000007fef3604ece rsp=000000000723ced0 rbp=000000000723d040
    r8=000000000723ce88 r9=000000000723d040 r10=0000000000000000
    r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
    r14=0000000000000033 r15=0000000000000000
    iopl=0 nv up ei pl nz na po nc
    cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
    EMET64!EMETSendCert+0x2442:
    000007fe`f3604ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000003d60000
    DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE
    PROCESS_NAME: explorer.exe
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1: 0000000000000001
    EXCEPTION_PARAMETER2: 0000000000120800
    WRITE_ADDRESS: 0000000000120800
    FOLLOWUP_IP:
    EMET64!EMETSendCert+2442
    000007fe`f3604ece 48832300 and qword ptr [rbx],0
    NTGLOBALFLAG: 400
    APPLICATION_VERIFIER_FLAGS: 0
    APP: explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    FAULTING_THREAD: 00000000000003b8
    PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE
    BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE
    LAST_CONTROL_TRANSFER: from 000007fef3605215 to 000007fef3604ece
    STACK_TEXT:
    00000000`0723ced0 000007fe`f3605215 : 00000000`0723d090 00000000`77b0f6b8 00000000`03d600e0 00000000`0723cfd8 : EMET64!EMETSendCert+0x2442
    00000000`0723cf30 000007fe`f3603871 : 00000000`00300002 00000000`64efbd5f 00000000`c000008a 00000000`00000000 : EMET64!EMETSendCert+0x2789
    00000000`0723cfc0 000007fe`f35fa004 : 00000000`00000000 00000000`00000000 00000000`03d60000 000007ff`fff9a000 : EMET64!EMETSendCert+0xde5
    00000000`0723d070 000007fe`fd9b403e : ffffffff`ffffffff 00000000`03d60000 00000000`00000005 00000000`02cf7790 : EMET64!GetHookAPIs+0x4c0
    00000000`0723d180 00000000`778c2edf : 00000000`03d60002 00000000`00000000 00000000`00000022 00000000`0723d28c : KERNELBASE!FreeLibrary+0xa4
    00000000`0723d1b0 000007fe`fe79aab3 : 00000000`08c808c8 00000000`0bee0320 00000000`02080050 00000000`0723da30 : user32!PrivateExtractIconsW+0x34b
    00000000`0723d6d0 000007fe`fe79ac28 : 00000000`0723d9f0 00000000`00000040 00000000`0ba595d0 00000000`0723df54 : shell32!SHPrivateExtractIcons+0x50a
    00000000`0723d9a0 000007fe`fe8ce4ca : 00000000`00000004 00000000`00000000 00000000`0bca5110 000007fe`fe7a8186 : shell32!SHDefExtractIconW+0x254
    00000000`0723dc90 000007fe`fe7a3435 : 00000000`00000282 000007fe`fe8cc874 00000000`0bc26c20 00000000`0bc26c20 : shell32!CFSFolderExtractIcon::_ExtractW+0x37
    00000000`0723dcd0 000007fe`fe8cd7db : 00000000`0723df50 00000000`0bca5110 00000000`03d96178 00000000`0723df60 : shell32!CExtractIconBase::Extract+0x21
    00000000`0723dd10 000007fe`fe7a36cd : 00000000`00000000 00000000`0723f2d0 00000000`ffffffff 0000c769`4dc5ef38 : shell32!CShellLink::Extract+0xc2
    00000000`0723dea0 000007fe`fe8cd529 : 00000000`0000020a 000007fe`fe7a8186 00000000`ffffffff 00000000`ffffffff : shell32!CIconAndThumbnailOplockWrapper::Extract+0x21
    00000000`0723dee0 000007fe`fe8cd2da : 00000000`ffffffff 00000000`0723e3f0 00000000`8000000a 00000000`00000000 : shell32!IExtractIcon_Extract+0x43
    00000000`0723df20 000007fe`fe79fff0 : 00000000`00000202 00000000`08d4099e 00000000`00000000 00000000`08d4099e : shell32!_GetILIndexGivenPXIcon+0x22e
    00000000`0723e3c0 000007fe`fe863307 : 00000000`00000000 00000000`00000001 00000000`0723f2d0 00000000`00000002 : shell32!_GetILIndexFromItem+0x87
    00000000`0723e460 000007fe`fe7cfaaf : 00000000`00000000 00000000`0ba59600 00000000`00000000 00000000`778c62e0 : shell32!CFSFolder::GetIconOf+0x41d
    00000000`0723f200 000007fe`fe7a29df : 00000000`00000000 00000000`08d4099e 00000000`0ba59600 0000c769`4dc5c358 : shell32!SHGetIconIndexFromPIDL+0x3f
    00000000`0723f230 000007fe`fe7a2925 : 00000000`00464f80 00000000`0beb3120 00000000`00000000 00000000`00000000 : shell32!SHMapIDListToSystemImageListIndex+0x87
    00000000`0723f2a0 000007fe`fe79c54c : 00000000`08734ee0 00000000`02d93890 00000000`00000000 000007fe`fe7cf07c : shell32!CGetIconTask::InternalResumeRT+0x7d
    00000000`0723f300 000007fe`fe7cefcb : 80000000`01000000 00000000`0723f390 00000000`08734ee0 00000000`0000000c : shell32!CRunnableTask::Run+0xda
    00000000`0723f330 000007fe`fe7d2b56 : 00000000`08734ee0 00000000`00000000 00000000`08734ee0 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
    00000000`0723f360 000007fe`fe7d2cb2 : 00000000`0894dd20 00000000`0894dd20 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::ThreadProc+0x1d2
    00000000`0723f400 000007fe`fdd93843 : 000007ff`fff9a000 00000000`02db51e0 00000000`02d10d70 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
    00000000`0723f430 00000000`77af15db : 00000000`0b755110 00000000`0b755110 00000000`00000000 00000000`00000003 : shlwapi!ExecuteWorkItemThreadProc+0xf
    00000000`0723f460 00000000`77af0c56 : 00000000`00000000 00000000`0894dd60 00000000`02d10d70 00000000`08b8f7b8 : ntdll!RtlpTpWorkCallback+0x16b
    00000000`0723f540 00000000`779c59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
    00000000`0723f840 00000000`77afc541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0723f870 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: emet64!EMETSendCert+2442
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EMET64
    IMAGE_NAME: EMET64.dll
    DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
    STACK_COMMAND: ~27s; .ecxr ; kb
    FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_EMET64.dll!EMETSendCert
    BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_emet64!EMETSendCert+2442
    ANALYSIS_SOURCE: UM
    FAILURE_ID_HASH_STRING: um:invalid_pointer_write_c0000005_emet64.dll!emetsendcert
    FAILURE_ID_HASH: {6fa53035-3ddf-2da0-e167-d0eae56d2591}
    Followup: MachineOwner
    I can provide the user mini dump with full memory (or any other assistance in testing this issue)
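Here is an added Python example (mine, not from the poster or from Microsoft) that parses a `!analyze -v` report like the two above into its `KEY: value` fields and its STACK_TEXT frames, and then answers the triage question these reports raise: is the faulting instruction inside the EMET shim itself, and which application frame called into it? That distinction matters because the EXPLOITABLE bucket label only says "write access violation", while the stack shows the write happening inside EMET64!EMETSendCert during KERNELBASE!FreeLibrary, i.e. a fault in the mitigation code path rather than an attack on explorer.exe. The report text inside the block is excerpted from the first dump above, trimmed to a handful of frames.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Excerpt of the first !analyze -v report in this thread, trimmed to the lines the parser needs.
SAMPLE_REPORT = """\
FAULTING_IP:
EMET64!EMETSendCert+2442
000007fe`f2704ece 48832300 and qword ptr [rbx],0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
WRITE_ADDRESS: 0000000000120800
PROCESS_NAME: Explorer.EXE
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE
STACK_TEXT:
00000000`0736e940 000007fe`f2705215 : 00000000`0736eb00 00000000`00000010 00000000`00000010 00000000`00010000 : EMET64!EMETSendCert+0x2442
00000000`0736e9a0 000007fe`f2703871 : 00000000`00300002 00000000`aa1a1088 00000000`c00b0007 00000000`000000c9 : EMET64!EMETSendCert+0x2789
00000000`0736ea30 000007fe`f26fa004 : 00000000`00000000 00000000`00000000 00000000`04a90000 000007ff`fff9c000 : EMET64!EMETSendCert+0xde5
00000000`0736eae0 000007fe`fd46403e : ffffffff`ffffffff 00000000`04a90000 00000000`00000001 00000000`02dd7790 : EMET64!GetHookAPIs+0x4c0
00000000`0736ebf0 00000000`770e2edf : 00000000`04a90002 00000000`00000000 00000000`00000022 00000000`0736ecfa : KERNELBASE!FreeLibrary+0xa4
00000000`0736ec20 000007fe`fea17414 : 00000000`08c808c8 00000000`04c1fbf0 00000000`02080052 00000000`0736f4a0 : USER32!PrivateExtractIconsW+0x34b
STACK_COMMAND: .cxr 0x0 ; kb
MODULE_NAME: EMET64
IMAGE_NAME: EMET64.dll
FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE_c0000005_EMET64.dll!EMETSendCert
"""

# child-SP, return address, four args, then module!symbol[+0xoffset]
FRAME_RE = re.compile(
    r"^\S+ \S+ : (?:\S+ ){4}: (?P<module>[^!\s]+)!(?P<symbol>[^+\s]+)(?:\+0x(?P<off>[0-9a-f]+))?$"
)
KEY_RE = re.compile(r"^([A-Z_0-9]+):\s*(.*)$")


@dataclass
class Frame:
    module: str
    symbol: str
    offset: int


def parse_analyze_output(text: str) -> Tuple[Dict[str, str], List[Frame]]:
    """Split a !analyze -v dump into upper-case KEY: value fields and the STACK_TEXT frames."""
    fields: Dict[str, str] = {}
    frames: List[Frame] = []
    in_stack = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "STACK_TEXT:":
            in_stack = True
            continue
        if in_stack:
            m = FRAME_RE.match(line)
            if m:
                frames.append(Frame(m["module"], m["symbol"], int(m["off"], 16) if m["off"] else 0))
                continue
            in_stack = False            # first non-frame line closes the stack section
        m = KEY_RE.match(line)
        if m and m.group(2):
            fields[m.group(1)] = m.group(2)
    return fields, frames


def triage(fields: Dict[str, str], frames: List[Frame]) -> Dict[str, object]:
    """Is the top frame inside the EMET shim, and which non-EMET frame called into it?"""
    in_shim = bool(frames) and frames[0].module.upper().startswith("EMET")
    caller = next((f for f in frames if not f.module.upper().startswith("EMET")), None)
    code = fields.get("EXCEPTION_CODE", "")
    return {
        "process": fields.get("PROCESS_NAME"),
        "exception_code": code.split()[1] if code else None,   # e.g. "0xc0000005"
        "faulting_module": fields.get("MODULE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "fault_in_shim": in_shim,
        "shim_entered_from": f"{caller.module}!{caller.symbol}" if caller else None,
    }


if __name__ == "__main__":
    for key, value in triage(*parse_analyze_output(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

The same two functions run unchanged over the second dump in the post (the one bucketed as plain INVALID_POINTER_WRITE), and give the same answer: top frame in EMET64, entered from KERNELBASE!FreeLibrary, which is what makes the two reports the same bug rather than two separate detections.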

  • EMET 5 StackPivot incompatible with 7-zip File Manager 7zFM.exe ?

    Can anyone reproduce this issue?
    With StackPivot mitigation enabled for 7zFM.exe we can't open the 7-zip File Manager.
    We can produce the issue with Windows 7 x86, using EMET 5.0.5324.31804 and 7-Zip 9.20
    There is no EMET notification via the taskbar agent or the Event Log. However, simply unchecking StackPivot for 7zFM.exe allows it to work.
    Application log does contain Event ID 1000, faulting application name 7zFM.exe, faulting module name: KERNELBASE.dll

    Yes I can reproduce this issue. I wrote about my findings in an earlier post:
    https://social.technet.microsoft.com/Forums/security/en-US/be56b6f7-a33a-49ac-a61c-4d4f295ca50b/experiences-with-the-enhanced-mitigation-experience-toolkit-emet-50-final-version-was-released?forum=emet#5d7b7ee6-3526-463f-b5c9-fb6208683800
    Later on I also found out that StackPivot was the culprit but I never posted it on that thread or created a feedback item on the EMET feedback portal.
    W. Spu

  • ITunes 12 incompatible with Windows Vista Data Execution Prevention FIX

    I have been getting a "Vista Data Execution Prevention" error message whenever I closed iTunes for months now, and after reading through a few forums, I have found a solution that works.  It only takes two minutes.  Long story short:
    1) Start iTunes
    2) Open the Windows Task Manager
    3) Go to the "Processes" Tab
    4) Find "AppleMobileDeviceHelper.exe *32" and right click on it.
    5) Select "Properties" from the drop down menu
    6) Go to the "Compatibility" Tab
    7) Check the Box next to "Run this program in compatibility mode for:"
    8) If "Windows XP (Service Pack 2)" is not in the field below, click on the down arrow and select said option.
    9) Click on "OK" to close the window.
    10) Close the iTunes application
    11) Reopen the iTunes application
    12) Close the iTunes application again.
    At this point you should not see any more "Vista Data Execution Prevention" error messages when you close iTunes!
    P.S. 
    If you want to go back and de-select running "AppleMobileDeviceHelper.exe *32" in Windows XP Compatibility mode, you can.  Though this part is totally optional.  The next time you close iTunes, you will get one last "Vista Data Execution Prevention" error message, but don't worry, it will be the last one.  Try opening iTunes again and then closing it, and TaDa, no more error messages.  I don't know why running AppleMobileDeviceHelper.exe *32 in compatibility mode JUST ONCE solves the problem, but it worked for me.
    Happy new year \o/

    Welcome tocguy. If I may ask you a question: How much memory does your Vista x64 PC have? I have 3 GB, which is the maximum that 32-bit Vista can recognize, but I seem to recall that 64-bit Vista can utilize much more than that, and wonder if that might be why 64-bit users are scarce in the 11.2 thread.
    I have now also done a truly clean reinstall, deleting Apple folders in ProgramData and each user account's AppData folder, and even the iTunes folders in each user's Music folder. Of course I moved my iTunes Media folder to a safe location first, and one iTunes Library backup file suitable for version 11.1.5. I also cleaned the registry. The most I can say is that I sometimes don't get a BEX upon closing iTunes now, but usually I do. I deselected one default setting during installation, "Use iTunes as the default player for audio files." (If an audio file can be opened by Media Player 11, why would I want to open it in a program that gives me a BEX nearly every time I use it? Too bad my AAC files purchased at iTunes Store can't be opened by WMP, but I certainly won't be buying any more of those now.) My advice to other Vista users: Don't waste your time reinstalling, it won't solve the DEP problem.
    Ran the Program Compatibility Wizard to run iTunes in XP SP2 compatibility mode, but abandoned that idea after the first BEX.
    Thought I was onto something when I tried the registry fix at http://blogs.technet.com/b/askperf/archive/2008/06/17/to-dep-or-not-to-dep.aspx. Johnny DEP thought he was so slick when he saw iTunes listed as an exception in his DEP tab, but there was one minor problem (yes I did reboot):
    Oh well, it's probably a bad idea to allow buffer overruns anyway. The fact that this didn't work causes me to think that Enhanced Mitigation Experience Toolkit or Application Compatibility Toolkit would also be a waste of time. Vista users who wish to avoid BEX errors can either downgrade their iTunes (free) or upgrade their Windows (not free).

  • What are the suggested and preferred ways to apply EMET 4 GPO configuration changes?

    Logon Scripts with emet_conf.exe don't work because admin privileges are required and startup scripts lag in time. It should be somewhat "event driven".
    Thanks and best regards.

    You can also copy and paste this into a group policy object, as described in http://blogs.technet.com/b/kfalde/archive/2014/03/13/automatically-refreshing-emet-gpo-s.aspx:
    <?xml version="1.0"?>
    <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="EMET CONFIG REFRESH" image="2" userContext="0" removePolicy="0" changed="2014-03-17 06:53:16" uid="{E34CB2AC-2D17-4098-8E4E-504B1DA618EB}">
    <Properties action="U" name="EMET CONFIG REFRESH" runAs="NTAUTHORITY\SYSTEM" logonType="InteractiveToken">
    <Task version="1.2">
    <RegistrationInfo>
    <Author>MANSERV\peschelf</Author>
    <Description>Enhanced Mitigation Experience Toolkit Configuration Update on Group Policy Update</Description>
    </RegistrationInfo>
    <Principals>
    <Principal id="Author">
    <UserId>NTAUTHORITY\SYSTEM</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>HighestAvailable</RunLevel>
    </Principal>
    </Principals>
    <Settings>
    <IdleSettings>
    <Duration>PT5M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>false</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Triggers>
    <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Application"&gt;&lt;Select Path="Application"&gt;*[System[Provider[@Name='SceCli'] and EventID=1704]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    <ExecutionTimeLimit>PT30M</ExecutionTimeLimit>
    </EventTrigger>
    </Triggers>
    <Actions>
    <Exec>
    <Command>"C:\Program Files (x86)\EMET 4.0\EMET_Conf.exe"</Command>
    <Arguments>--refresh</Arguments>
    </Exec>
    </Actions>
    </Task>
    </Properties>
    </TaskV2>
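    The same task built and verified locally with the ScheduledTasks cmdlets, as an added example that is not part of the post above or of the linked blog. It assumes EMET 4.0 is installed in the default path the XML uses, that the box is Windows 8 / Server 2012 or later (the module and the MSFT_TaskEventTrigger CIM class do not exist before that), and that the prompt is elevated. The trigger is the same SceCli 1704 event ("Security policy in the Group policy objects has been applied successfully"), which the Security Configuration client logs on every policy refresh, so the refresh happens right after gpupdate instead of waiting for a startup script.

```powershell
# Added example, not the post's or the blog's own code.
# Registers "EMET CONFIG REFRESH" locally, then forces a policy refresh and
# checks that the trigger event fired and EMET_Conf picked up the new settings.
# Assumption: EMET 4.0 lives in the path below (the one used in the GPP XML).
$emetConf = 'C:\Program Files (x86)\EMET 4.0\EMET_Conf.exe'
$taskName = 'EMET CONFIG REFRESH'

# The cmdlets have no event-trigger switch, so build the CIM instance the Task
# Scheduler uses internally. The XPath is the one from the GPP XML, unescaped.
$subscription = @'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[Provider[@Name='SceCli'] and EventID=1704]]</Select>
  </Query>
</QueryList>
'@
$triggerClass = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' -ClassName 'MSFT_TaskEventTrigger'
$trigger = New-CimInstance -CimClass $triggerClass -ClientOnly
$trigger.Subscription = $subscription
$trigger.Enabled = $true

$action = New-ScheduledTaskAction -Execute $emetConf -Argument '--refresh'

# Run as SYSTEM: EMET_Conf writes under HKLM, which is exactly why a per-user
# logon script without admin rights fails.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest

$settings = New-ScheduledTaskSettingsSet -MultipleInstances Parallel `
    -ExecutionTimeLimit (New-TimeSpan -Hours 1) `
    -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action `
    -Principal $principal -Settings $settings -Force | Out-Null

# Export the task definition: this XML can be imported into the GPP scheduled
# task item instead of hand-editing the clsid/uid attributes.
Export-ScheduledTask -TaskName $taskName | Set-Content -Path "$env:TEMP\emet-refresh-task.xml"

# Verify end to end: refresh policy, confirm the 1704 event, confirm the task ran,
# and list what EMET now believes its configuration is.
gpupdate /target:computer /force | Out-Null
Start-Sleep -Seconds 10
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SceCli'; Id = 1704 } -MaxEvents 1 |
    Select-Object TimeCreated, Id, Message
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult
& $emetConf --list
```

    A LastTaskResult of 0 with a fresh LastRunTime after the gpupdate is the success condition; if 1704 never appears, the GPO carries no security-settings extension data and the trigger will not fire, so use a plain "at startup" or repeating trigger instead. Note that EMET reached end of support in July 2018; on current Windows the same mitigations are Exploit Protection settings (Set-ProcessMitigation, or the Exploit Protection GPO), which take effect on policy refresh without a helper task.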

  • When will EMET be patched to address the Offensive Security vuln?

    http://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet/
    When will it be patched?
    born to learn!

    Something went wrong with the update and you are in Recovery Mode.
    Follow the instructions below to recover your iPad.
    http://support.apple.com/kb/ht4097

  • Skype updated, Now i can't log in

    Skype just updated on my computer and now I get a Skype is not working error
    I got this from my event viewer.
    Faulting application name: Skype.exe, version: 6.22.81.104, time stamp: 0x54491226
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
    Exception code: 0xe06d7363
    Fault offset: 0x00012f71
    Faulting process id: 0x1af0
    Faulting application start time: 0x01cff9992af8cd6e
    Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
    Faulting module path: C:\windows\SYSTEM32\KERNELBASE.dll
    Report Id: 726d4ef0-658c-11e4-825b-a0886946ec12
    Faulting package full name:
    Faulting package-relative application ID:

    Skype 6.21 version was crashing with exactly the same error message as the latest 6.22 version.
    However, it looks like your Internet Explorer (IE11) was crashing too. The crash report indicates problems with the emet.dll component, which belongs to the Enhanced Mitigation Experience Toolkit. Try to disable mitigation options for Internet Explorer and Skype.
    http://community.skype.com/t5/Windows-desktop-client/Skype-Stopped-Working/m-p/3708617#M309009
    http://community.skype.com/t5/Windows-desktop-client/quot-Skype-has-stopped-working-quot/m-p/3708653...
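    Before removing an application from EMET, it is worth checking what the Application Error record actually says. The following is an added example, not code from the Skype thread: it parses the event text pasted in the question (embedded below as the sample), decodes the exception code, and then runs the same parser over the live Application log to see whether any of the recent crashes faulted inside emet.dll. The exception-code table and the check for EMET's own event source are my additions; the live query needs an elevated prompt on the affected machine.

```powershell
# Added example, not from the Skype thread. Triage "has stopped working" events
# rather than guessing whether EMET is the cause.
# Sample: the event 1000 record pasted in the question above.
$sample = @'
Faulting application name: Skype.exe, version: 6.22.81.104, time stamp: 0x54491226
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xe06d7363
Fault offset: 0x00012f71
Faulting process id: 0x1af0
Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting module path: C:\windows\SYSTEM32\KERNELBASE.dll
'@

# Exception codes commonly seen in Application Error (event 1000) records.
# 0xE06D7363 is "msc" in ASCII: an unhandled C++ exception thrown by the program
# itself via RaiseException (hence KERNELBASE.dll as the faulting module), not a
# memory-safety fault, and not something an EMET mitigation raises.
$exceptionCodes = @{
    '0xe06d7363' = 'Unhandled C++ exception (MSVC, thrown via RaiseException)'
    '0xc0000005' = 'Access violation (bad pointer, or DEP on a non-executable page)'
    '0xc0000409' = 'Fail-fast / stack buffer overrun check (/GS, __fastfail)'
    '0xc0000374' = 'Heap corruption detected'
    '0x80000003' = 'Breakpoint (int3)'
}

function ConvertFrom-AppErrorMessage {
    param([Parameter(Mandatory)][string]$Message)
    # Each line is "Label: value"; the first colon separates them, values may contain more.
    $fields = @{}
    foreach ($line in $Message -split "`r?`n") {
        if ($line -match '^\s*([^:]+?):\s*(.*)$') { $fields[$Matches[1].Trim()] = $Matches[2].Trim() }
    }
    $code = [string]$fields['Exception code']
    [pscustomobject]@{
        Application    = $fields['Faulting application name'] -replace ',.*$'
        AppPath        = $fields['Faulting application path']
        FaultingModule = $fields['Faulting module name'] -replace ',.*$'
        ExceptionCode  = $code
        Meaning        = if ($exceptionCodes.ContainsKey($code.ToLower())) { $exceptionCodes[$code.ToLower()] } else { 'unknown' }
        EmetInvolved   = ([string]$fields['Faulting module path'] -match 'emet\.dll$')
    }
}

# Parse the pasted record: Skype.exe, KERNELBASE.dll, C++ exception, EmetInvolved False.
ConvertFrom-AppErrorMessage -Message $sample | Format-List

# Live check: crash records for Skype and IE from the last 7 days.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-AppErrorMessage -Message $_.Message } |
    Where-Object { $_.Application -in 'Skype.exe', 'iexplore.exe' } |
    Format-Table Application, FaultingModule, ExceptionCode, Meaning, EmetInvolved -AutoSize

# If EMET's event-log reporting is enabled, a blocked exploit attempt is logged under
# the EMET source, naming the process and the mitigation that fired.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'EMET'; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

    For the Skype record above the parser reports a C++ exception in KERNELBASE.dll with no emet.dll involvement, which is the application failing on its own; a record whose faulting module is emet.dll, or an EMET-source event naming Skype.exe, is the case where turning off individual mitigations for that executable (rather than all of them) is the right experiment.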

  • After doing a system recovery, I am unable to do the microsoft updates. How do I continue to update

    I have a media center m1070n with windows XP.  After completing a system recovery, I try to get all the windows updates but it won't let me.  How do I continue to get all the proper updates so I can download my Norton?

    xray_amy wrote:
    The only things I have done are the ones that automatically start after recovery.  This is a desktop computer not a notebook so do I need "enhancements and QFEs" you mentioned?
    There is a topic in the HP Web support page that is titled "things to do after a recovery". I will edit this and link to it. A recovery to "factory state" actually does not do everything. That is why after a recovery or restore of any kind it is wise to take a look in the device manager to see if all of the devices your desktop PC was delivered with have their drivers installed and are enabled.
    Notebooks and desktop PCs have operating systems and the operating systems can be identical.  That is one thing in which they do not differ.  Notebooks have far less of an "open architecture" than desktop PCs have.
    Yes.. enhancements and QFEs (quick fix engineering) are needed as they are created by Microsoft and HP to correct and enhance the operating system and installed hardware. You should install them as they are specifically for your desktop PC and its operating system. Once you install them you should be able to update to SP2 and then SP3. Here is an important document from HP on updating to Windows XP SP2. Be certain that you create a restore point before updating to SP3. Here is a document from Microsoft on what to do before updating to Windows XP SP3.
    You may also find this document on updating drivers and Windows with Windows update interesting and useful. 
    Best regards,
    erico
    2015 Microsoft MVP - Windows Experience Consumer
