Jump to content

[Solved] Windows 7 Pro with all current updates


Recommended Posts

Posted

Hi to all,

I want to create a current Windows 7 x64 Professional DVD (in german).

Here is what I did (all with Win Toolkit):

1. Download of the iso (X17-59885.iso) Windows 7 x64 Professional german

2. unpack with 7Zip

3. Download Update Catalog -> McRip Windows 7 x64 (Are there really 480+ updates?)

4. All-in-one Integrator -> browse extracted DVD

4.1 select Windows 7 PROFESSIONAL x64 (the only green one)

4.2 no presets selected (skip)

4.3 Updates + Languages -> Add Updates + Subfolders -> select the folder from 3.

4.4 hit Start

now the Updates are getting "installed", but quite a few are getting red (not installed I guess)

5. ISO Maker -> ...

Nothing extraordinary so far. Now I tested the ISO in a VM with the VMWarePlayer. -> BUM Install of Windows fails.

The errormessage: Windows could not configure one or more system components.

Then it goes into constant reboot claiminig error during last boot.

My guess is, what there are way to many updates put into the DVD.

Prevoiusliy I used www.wsusoffline.net to update Windows after install, but I want to save the time. This tool just has 100+ updates that are installed.

Any help what I do wrong?

Thanks Atlan

Posted (edited)

Finally I came around to more testing.

Correct me if I'm wrong, but for making it work I had to select all versions at the beginning (from HOME to ULTIMATE). I also deleted the "ei.cfg".

So far so good.

That in mind I started integrating more stuff.

- wallpapers -> work

- gadgets -> not working (I can't find them anywhere)

- tweaks -> work

Edited by Atlan
Posted (edited)
- gadgets -> not working (I can't find them anywhere)

I believe that MS has removed all gadgets and the Windows sidebar from any of their websites citing the possibility of nefarious code to compromise your system through them.

http://www.theregist...says_microsoft/

Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features.

Redmond issued this advisory ahead of an upcoming Black Hat presentation by Mickey Shkatov and Toby Kohlenberg. The two have promised to reveal “interesting attack vectors” in a presentation called“We Have You By The Gadgets”.

Microsoft hasn’t provided any further information about the vulnerability, other than to say that users could install insecure Gadgets that enable remote code execution.

“Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time,” Microsoft notes.

Since Gadgets run with the rights of the current user, the vulnerability could allow exploits all the way up to administrative level.

The Microsoft fix disables the Windows Sidebar and Gadgets on all supported Vista and Windows 7 editions.

The unloved Sidebar feature for Gadgets was killed off in Windows 8, as was the Windows Live Gallery used to access Gadgets from the desktop.

http://technet.micro...dvisory/2719662

Vulnerabilities in Gadgets Could Allow Remote Code Execution

Published: Tuesday, July 10, 2012

Version: 1.0

General Information

Executive Summary

Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.

An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Applying the automated Microsoft Fix It solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality.

Recommendation. Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Fix It solution as soon as possible. For more information, see theSuggested Actions section of this advisory.

Cheers and Regards

Edited by bphlpt
Posted

I've made the 'Gadgets' download button link to 'http://technet.microsoft.com/en-us/security/advisory/2719662'.

What do you think i should so with gadget integration?

Posted

I don't think many would mind if you remove any gadgets related capabilities / mentions from your app, since Microsoft is abandoning them and consideres them a vulnerability they can't ''patch'' anymore. And that link to the msdn link is very useful. :)

Posted (edited)

Good question. Gadgets, widgets, or whatever you want to call them, have been been around since Vista was in development and used internally at MS since 2000, according to Wikipedia. I don't usually use them, but some people like the convenience of having things like weather reports, stock info, email or IM notifications, PC system info, etc handy at a glance. I would hate to see those go unless there was an alternative way to get that info for the folks that wanted it. Even if MS no longer supports their use, if people have gadgets that they trust and use already downloaded, then maybe Win Toolkit should allow their use with a warning notice as to the possible danger? Anything that can be done to make their use as safe as possible should be done, and if there is a safer alternative that should be encouraged. But Win Toolkit is all about giving people options.

Also, I question some of the motives of MS. While I don't doubt that there is some danger of there being code vulnerabilities in some Gadgets, that is true in any piece of software from the OS to any app. I personally think that this is one more way that MS is trying to force the switch to "Metro" apps.

http://en.wikipedia....Desktop_Gadgets

Originally, Microsoft provided a link to a web site called Windows Live Gallery where additional Sidebar gadgets that have been created by third party clients could be downloaded. The site was officially retired on October 1, 2011.

[--< snip >--]

As of Q4 of 2011, Microsoft retired the Windows Live Widget Gallery stating: "In order to focus support on the much richer set of opportunities available for the newest version of Windows, Microsoft is no longer supporting development or uploading of new Gadgets."

I could be wrong, but...

I have also found that all of the old gadgets that used to be hosted at http://gallery.live.com/, are now hosted at http://gallery-live.com/, and are available for download. My interpretation of info on their home page is that they are using the words of the MS service agreement to prove that MS has inadvertently allowed this behavior:

http://gallery-live.com/

The Windows Live Gallery has been retired in order to focus development on Windows 8. It was available at gallery.live.com, if you would like to access it now, a site like it is depicted on the left is shown. A large number of 11,835 Windows Sidebar Gadgets were available, also 222 SideShow Gadgets. All these programs with a total size of 2.1 GB are now stored on another server, which is not operated or in any way related to Microsoft. According to the Microsoft Service Agreement which was also valid for the gadget gallery, the content is now hosted here:

You control who may access your content. If you share content in public areas of the service or in shared areas available to others you've chosen, then you agree that anyone you've shared content with may use that content. When you give others access to your content on the service, you grant them free, nonexclusive permission to use, reproduce, distribute, display, transmit, and communicate to the public the content solely in connection with the service and other products and services made available by Microsoft. If you don't want others to have those rights, don't use the service to share your content.

Excerpt from the Microsoft Service Agreement, January 1, 2012

So maybe just change the Win Toolkit links to the gadgets, but still with a warning since they are not officially supported? Just a thought.

Cheers and Regards

Edited by bphlpt
Posted

On the same page as the download gadget link, a warning note to be careful, with a link to the msdn page, should satisfy everyone, since they are not officially supported by MS any more. On the http://gallery-live.com/ home page is still a link to the old http://gallery.live.com/ page which then has a link to the msdn page http://technet.microsoft.com/en-us/security/advisory/2719662 so people can't say they weren't warned. But thank you very much for the redirect to the new page. As I said, I think that Win Toolkit should be all about options.

Cheers and Regards

Posted (edited)

You don't have to integrate the 480+ updates from McRip, instead use Windows Updates Downloader with these updates list.

The only things not included in these updates lists are Windows update update (3 cabs that can be found on McRip repository) and lang pack for IE9.

With that you will have an up to date Windows 7 x86/X64

thanks for the list. curious about something though. do i need to download .net framework 3.5.1 updates (5) if i am also going to download .net 4.5 under optional updates?

oh and something else, the link goes to "post sp1 updates" but when i am looking at the available updates in the windows updates downloader there is one listed as "service packs (1)" windows servie pack 1 kb976932

not sure what that is for

Edited by ccl0
Posted (edited)

Yes, I believe you still need .NET3.5.1 updates even if you are installing .NET 4.5. The only thing that .NET 4.5 replaces is .NET 4.0, nothing else.

kb976932 IS SP1, for installation on a live system running Win 7 RTM, not for use in Win Toolkit on an SP1 WIM image.

Cheers and Regards

Edited by bphlpt
Posted

The discussion I kicked off was unintentional, but good if it helps improving the programm.

What I ment was that I added my gadgets to the DVD and they get not installed. That works now. I must have missed one check.

I am almost here I want to be. I just have a few questions:

1. Do I have to select all versions of windows from the wim. Otherwise my DVD is not working at all.

2. The lang pack for IE9 will not integrate, why?

3. I tried "[slim] .NET Framework 4.5 Full x86/x64" from the member section, but no install :(.

Thanks and keep up the exelent work

Atlan

Posted

1. You can select one image but you will only see the changes if you select that image during install, all of the other images will be an original install.

2. Is it showing up red? Sometimes it shows up red even if it integrated fine. You can either check the 'Integrated' tab after it finishes or check if it's there after install.

3. That might of been the issue from v76. It should be working now with v77.

Posted

1. I have a Pro Image. I only select Pro at the beginning, do not remove the ei.cfg and then integrate everything. During the test with VMWare the install fails an the VM goes into rebootcycle.

2. I manage to get rid of all the red lines. The Languagepack shows up as a normal update on the Windows update. I will do some more test on monday.

3. I will try thatone to, again. I did the LP Incorporation Instructions but when the get installed in the VM one KB is missing????

Thanks again

Posted

kb976932 IS SP1, for installation on a live system running Win 7 RTM, not for use in Win Toolkit on an SP1 WIM image.

Cheers and Regards

thanks i figured thats what it was, but really confused me b/c the link was to "post sp1 updates" so that really threw me.. could not figure out why that would be there if the assumption was w7+ sp1 source was already being used :dizzy:

  • 1 month later...
Posted (edited)

If your system is not having any issues, then I don't think it's important, or necessary, at all. But if you are having troubles adding some updates, then according to this source:

What is the System Update Readiness Tool?

The System Update Readiness Tool can help fix problems that might prevent Windows updates and service packs from installing. For example, an update might not install if a damaged system file prevents the update from recognizing the version of Windows that's running on your computer.

If your computer is having problems installing an update or a service pack, download and install the tool, which runs automatically. Then, try installing the update or service pack again.

You can install it at system build/install, or it would probably be just fine to go ahead and download it and store it where you can get access to it if you need it, but only install and run it if you start having problems installing updates. But that's just my opinion.

Cheers and Regards

Edited by bphlpt
Posted (edited)

edit: after more investigation windows update cant update my audio driver for some reason. the recommended solution from Microsoft was to download the system update readiness tool

Edited by ccl0
  • 2 weeks later...
Posted

You don't have to integrate the 480+ updates from McRip, instead use Windows Updates Downloader with these updates list.

The only things not included in these updates lists are Windows update update (3 cabs that can be found on McRip repository) and lang pack for IE9.

With that you will have an up to date Windows 7 x86/X64

Most of the updates in the list are OLD or supressed updates.Most of them show a not applicable error message

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...