@rem Build a Bootable Windows XP disk with Service Pack 3 and all critical post-SP3 hotfixes slipstreamed in @rem Copyright (c) 2003-2009, Ross Smith. All rights reserved. :: ChangeLog: :: Added jun-sep 08 releases :: Added oct 08 releases :: Added nov-jan 09 releases: thanks to cavd and cubanric! :: Added feb 09-mar 09 releases :: Added apr 09 releases @rem $Id$ @if "%debug%" == "" echo off @if not "%debug%" == "" echo on :: the full directory path containing the original Windows XP installation CD files :: do not include trailing backslash set sourcedir=D: set builddir= set hotfixdir= :: options for hotfixes set options=/passive /norestart if exist local.cmd call local.cmd :: the full directory path to copy the CD files, to enable them to be slipstreamed :: do not include trailing backslash :: if left blank, you will be asked to enter it if not "%~2" == "" set builddir=%2 :: the relative directory containing the SP3 and all hotfixes :: do not include trailing backslash :: if left blank, the current directory will be used if not "%~3" == "" set hotfixdir=%3 verify other 2>nul setlocal enableextensions setlocal enabledelayedexpansion if not "%~1" == "" set sourcedir=%1 if not defined hotfixdir set hotfixdir=%cd% if exist "%sourcedir%\WIN51" goto source_ok :get_source echo This script will copy files from a Windows XP installation CD to a directory echo you choose, and download and slipstream Service Pack 3 and all Post-SP3 echo security hotfixes into it. echo. echo Enter the directory containing the Windows XP installation CD files :: echo (If it's the root directory, do not enter a trailing backslash) set REPLY= set /p REPLY=or press [Enter] for '%sourcedir%' or enter Q to quit : if "%reply%" == "" set reply=%sourcedir% if /i "%reply%" == "Q" goto :eof if not exist "%reply%\" ( echo. echo The directory '%reply%' does not exist. echo. goto get_source ) if not exist "%reply%\WIN51" ( echo. echo The directory '%reply%' does not contain a Windows XP installation CD. echo. goto get_source ) set sourcedir=%reply% :source_ok if defined builddir goto builddir_ok set _bs=%sourcedir:~-1% if "%_bs%" == "\" set sourcedir=%sourcedir:~0,-1% if "%builddir%" == "" ( set vol= for /f "usebackq tokens=6" %%a in (`vol %sourcedir%`) do set vol=%%a if "!vol!" == "" set vol=xpsp3_cd set builddir=%cd%\!vol! ) :get_builddir echo. echo Enter the full directory name to copy the Windows XP Installation files to set REPLY= set /p REPLY="or press [Enter] for '%builddir%' or enter Q to quit: " if "%reply%" == "" set reply=%builddir% if /i "%reply%" == "Q" goto :eof set _colon=%reply:~1,1% if not "%_colon%" == ":" ( echo. echo "%_colon%"Please enter an absolute path [e.g., C:\ex] goto get_builddir ) mkdir "%reply%" if not exist "%reply%\" ( echo. echo Unable to create directory '%reply%' goto get_builddir ) set builddir=%reply% :builddir_ok set svcpackdir=%builddir%\i386\svcpack if exist "%hotfixdir%" goto hotfix_ok :get_hotfix echo. echo Enter the directory path to contain Service Pack 3 and the hotfixes set /p REPLY="or press [Enter] for '%hotfixdir%' or enter Q to quit: " if /i "%reply%" == "Q" goto :eof if not exist "%reply%\" ( echo. echo The directory '%reply%' does not exist echo. goto get_hotfix ) set hotfixdir=%reply% :hotfix_ok if not exist "%builddir%\I386\" ( echo. echo Copying "%sourcedir%" to "%builddir%"... echo. if not exist "%builddir%\*.*" mkdir "%builddir%" xcopy "%sourcedir%\." "%builddir%" /e/r/y if errorlevel 1 ( echo The copy did not complete successfully. goto :eof ) ) echo Please save all files in the directory '%hotfixdir%' if not "%DOWNLOADER%" == "" goto start_downloads wget --version >nul 2>nul if not errorlevel 9009 ( set DOWNLOADER=wget -nd -N goto start_downloads ) curl --version >nul 2>nul if not errorlevel 9009 ( set DOWNLOADER=curl -k -L -O -R goto start_downloads ) set DOWNLOADER=start /D"%hotfixdir%" /wait /b :start_downloads :: jul 08: none :: aug 08: del /f *KB950759* >nul 2>nul :: sep 08: none :: oct 08: del /f *KB953838* >nul 2>nul :: nov 08: none :: dec 08: none :: jan 09: del /f *KB957095* >nul 2>nul :: feb 09: none :: mar 09: del /f *KB954211* >nul 2>nul :: apr 09: del /f *KB951698* >nul 2>nul del /f *KB956841* >nul 2>nul del /f *KB958215* >nul 2>nul del /f *KB960714* >nul 2>nul :: Jun 08: :: MS08-030 – Critical :: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/a/6/5/a65308a2-7ede-4219-981a-20feb38bfd0e/WindowsXP-KB951376-v2-x86-ENU.exe :: MS08-031 - Critical :: Cumulative Security Update for Internet Explorer (950759) :: SP2: replaces MS08-024 :: SP3: replaces none :: replaced by MS08-45 :: call :download http://download.microsoft.com/download/2/2/5/2255ad65-47ba-44f1-9e88-feba8f019c55/WindowsXP-KB950759-x86-ENU.exe :: MS08-032 - Moderate :: Cumulative Security Update of ActiveX Kill Bits (950760) :: SP2: replaces MS08-023 :: SP3: replaces none call :download http://download.microsoft.com/download/c/6/e/c6e4b3e0-0af6-4ac8-92f7-5f7e8d471fb2/WindowsXP-KB950760-x86-ENU.exe :: MS08-033 – Critical :: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) :: SP2: replaces MS07-064 :: SP3: replaces none :: replaced by MS09-011 :: call :download http://download.microsoft.com/download/3/1/5/315c86ba-2910-47f0-9f02-b5616511536d/WindowsXP-KB951698-x86-ENU.exe :: MS08-035 – Important :: Vulnerability in Active Directory Could Allow Denial of Service (953235) :: SP2: replaces MS08-003 :: SP3: replaces none call :download http://download.microsoft.com/download/5/f/a/5fa7006d-023f-496f-9c85-796fb82dfd16/WindowsXP-KB949269-x86-ENU.exe :: MS08-036 – Important :: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) :: SP2: replaces MS06-052 :: SP3: replaces none call :download http://download.microsoft.com/download/1/4/3/1438b520-8200-466d-9daf-4de18bd4dc0f/WindowsXP-KB950762-x86-ENU.exe :: Jul 08: :: MS08-037 – Important :: Vulnerabilities in DNS Could Allow Spoofing (953230) :: SP2: replaces MS06-064, MS08-001 :: SP3: replaces none call :download http://download.microsoft.com/download/f/5/f/f5f31962-0215-44e6-be41-02818b4373f3/WindowsXP-KB951748-x86-ENU.exe :: Aug 08: :: MS08-045 - Critical :: Cumulative Security Update for Internet Explorer (953838) :: SP2: replaces MS08-031 :: SP3: replaces MS08-031 :: replaced by MS08-058 :: call :download http://download.microsoft.com/download/3/9/3/3933471e-a08e-4640-8980-d3d3eb5b3c34/WindowsXP-KB953838-x86-ENU.exe :: MS08-046 – Critical :: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/a/1/9/a19c9aff-bd94-4fc1-98ff-db432358f902/WindowsXP-KB952954-x86-ENU.exe :: MS08-048 - Important :: Security Update for Outlook Express and Windows Mail (951066) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/3/a/f/3afd84f3-729c-4f54-9d38-e77c5112ae0d/WindowsXP-KB951066-x86-ENU.exe :: MS08-049 – Important :: Vulnerabilities in Event System Could Allow Remote Code Execution (950974) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/5/d/d/5dd0ab05-b357-4175-bd93-894903f07579/WindowsXP-KB950974-x86-ENU.exe :: MS08-050 – Important :: Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/4/d/8/4d84fd95-9124-461a-95eb-6b5908b6fe62/WindowsXP-KB946648-x86-ENU.exe :: Sep 08: :: MS08-052 - Critical :: Vulnerabilities in GDI+ Could Allow Remote Code Execution (9545::93) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/7/8/1/78141DC7-3B1D-42F3-9AA2-4DCA79AD739B/WindowsXP-KB938464-v2-x86-ENU.exe :: MS08-053 - Critical :: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/2/b/2/2b252ed6-39fe-423d-a74e-d48c85d24c2a/WindowsMedia9-KB954156-x86-ENU.exe :: MS08-054 - Critical :: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/b/6/6/b662a844-9aa2-4b80-8713-27a6c0da16d8/WindowsMedia11-KB954154-x86-ENU.exe :: Oct 08: :: MS08-058 - Critical :: Cumulative Security Update for Internet Explorer (956390) :: SP2: replaces MS08-045 :: SP3: replaces MS08-045 :: replaced by MS08-073 :: call :download http://download.microsoft.com/download/4/c/f/4cf3fd3b-a024-494a-b285-49f5920016e8/WindowsXP-KB956390-x86-ENU.exe :: http://download.microsoft.com/download/f/5/3/f53a9daf-3d2a-4743-a8a3-7a92ba0e2638/IE7-WindowsXP-KB956390-x86-ENU.exe :: MS08-061 – Important :: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) :: SP2: replaces MS08-025 :: SP3: replaces none :: replaced by MS09-006 :: call :download http://download.microsoft.com/download/2/5/3/25324004-a2df-4163-95f5-ae9127b0f3ad/WindowsXP-KB954211-x86-ENU.exe :: MS08-062 - Important :: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/d/7/f/d7f097e0-f290-4ff6-98ea-edaf8e78140f/WindowsXP-KB953155-x86-ENU.exe :: MS08-063 – Important :: Vulnerability in SMB Could Allow Remote Code Execution (957095) :: SP2: replaces MS06-063 :: SP3: replaces none ;: replaced by MS09-001 :: call :download http://download.microsoft.com/download/3/3/f/33f997d5-b567-4ee9-82aa-3868629a1ec5/WindowsXP-KB957095-x86-ENU.exe :: MS08-064 – Important :: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) :: SP2: replaces MS07-022 :: SP3: replaces none ;: replaced by MS09-012 :: call :download http://download.microsoft.com/download/0/0/9/009cb4f8-9a59-412b-8811-f9f0b7703ee6/WindowsXP-KB956841-x86-ENU.exe :: MS08-066 – Important :: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/4/0/5/405222d0-5171-4ffb-a86e-7889e1161c1d/WindowsXP-KB956803-x86-ENU.exe :: MS08-067 – Critical :: Vulnerability in Server Service Could Allow Remote Code Execution (958644) :: SP2: replaces MS06-040 :: SP3: replaces none call :download http://download.microsoft.com/download/4/f/a/4fabe08e-5358-418b-81dd-d5038730b324/WindowsXP-KB958644-x86-ENU.exe :: Nov 08: :: MS08-068 | Important :: Vulnerability in SMB Could Allow Remote Code Execution (957097) :: SP2: replaces MS05-011 :: SP3: replaces none call :download http://download.microsoft.com/download/4/b/c/4bcfd71b-1f5a-4f9c-8c57-0b7ba2aae684/WindowsXP-KB957097-x86-ENU.exe :: MS08-069 | Critical :: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) :: SP2: replaces MS06-042 :: SP3: replaces none call :download http://download.microsoft.com/download/d/6/5/d65961a2-d09b-4560-af78-1e4f97b77359/WindowsXP-KB955069-x86-ENU.exe :: these won't slipstream, but they can be run after windows is installed: call :download http://download.microsoft.com/download/9/7/1/971f55c8-d512-494f-9c5e-7cc3f9b190ee/msxml4-KB954430-enu.exe call :download http://download.microsoft.com/download/2/7/5/2753aabc-24de-41be-a05b-d41fc76f3aad/msxml6-KB954459-enu-x86.exe :: Dec 08 :: MS08-071 – Critical :: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) :: SP2: replaces MS08-021 :: SP3: replaces none call :download http://download.microsoft.com/download/0/0/D/00DBCA9D-B3CF-4F9E-A671-6CD79FC1DC4C/WindowsXP-KB956802-x86-ENU.exe :: MS08-073 - Critical :: Cumulative Security Update for Internet Explorer (958215) :: SP2: replaces MS08-058 :: SP3: replaces MS08-058 :: cavd - 22-jan-09 - changed from ie7 to ie6 - baseline xp doesn't have ie7! :: call :download http://download.microsoft.com/download/0/2/9/0297FF58-CEFC-48DB-9CED-97796B754137/IE7-WindowsXP-KB958215-x86-ENU.exe :: replaced by MS09-011 :: call :download http://download.microsoft.com/download/6/D/8/6D8C124A-CFC2-43D7-A2DA-9411DA0D3CB5/WindowsXP-KB958215-x86-ENU.exe :: MS08-076 – Important :: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) :: SP2: replaces none :: SP3: replaces none :: cavd - 22-jan-09 :: there is now a v2 of 952069 :: the dox also suggest that for baseline XP is 954600 :: call :download http://download.microsoft.com/download/8/8/2/8822FCC3-55EB-4B37-B448-51FBE65DDC39/WindowsXP-WindowsMedia-KB952069-x86-ENU.exe call :download http://download.microsoft.com/download/8/8/2/8822FCC3-55EB-4B37-B448-51FBE65DDC39/WindowsXP-WindowsMedia-KB952069-v2-x86-ENU.exe call :download http://download.microsoft.com/download/E/C/7/EC7B6956-2C13-4196-9E35-375C828ACB6C/WindowsXP-KB954600-x86-ENU.exe :: MS08-078 - Critical :: Security Update for Internet Explorer (960714) :: SP2: replaces none :: SP3: replaces none :: cavd - 22-jan-09 - changed from ie7 to ie6 - baseline xp doesn't have ie7! :: call :download http://download.microsoft.com/download/6/C/3/6C3F5EB1-846B-4E59-8346-6A380A77125C/IE7-WindowsXP-KB960714-x86-ENU.exe :: replaced by MS09-011 :: call :download http://download.microsoft.com/download/F/2/7/F27B3516-F7FD-4B84-919F-9B8CEC4BC4A5/WindowsXP-KB960714-x86-ENU.exe :: Jan 09 :: MS09-001 – Critical :: Vulnerabilities in SMB Could Allow Remote Code Execution (958687) :: SP2: replaces MS08-063 :: SP3: replaces MS08-063 call :download http://download.microsoft.com/download/B/9/7/B9798068-1B3B-4EE7-BC2A-2371C54B0ADD/WindowsXP-KB958687-x86-ENU.exe :: Feb 09 :: baseline xp doesn't have ie7! :: http://download.microsoft.com/download/0/C/6/0C629D20-9FDC-4D29-B71F-BA4F2461C634/IE7-WindowsXP-KB961260-x86-ENU.exe :: Mar 09 :: MS09-006 – Critical :: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) :: SP2: replaces MS08-061 :: SP3: replaces MS08-061 call :download http://download.microsoft.com/download/9/5/D/95DB5691-545D-4D50-81FF-D7D002601CE6/WindowsXP-KB958690-x86-ENU.exe :: MS09-007 - Important :: Vulnerability in SChannel Could Allow Spoofing (960225) :: SP2: replaces MS07-031 :: SP3: replaces none call :download http://download.microsoft.com/download/8/2/3/8233E377-3D72-42C2-827E-7F7A7B7A9B19/WindowsXP-KB960225-x86-ENU.exe :: apr 09 :: MS09-010 - Critical :: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) :: KB923561 :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/7/0/B/70B97A4C-2D61-44F1-B8F7-EAFF9C07B172/WindowsXP-KB923561-x86-ENU.exe :: MS09-013 - Critical :: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) :: SP2: replaces none :: SP3: replaces none call :download http://download.microsoft.com/download/3/C/A/3CA5C5CF-7752-4401-A5C3-42AE64C1C754/WindowsXP-KB960803-x86-ENU.exe :: MS09-011 - Critical :: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) :: SP2: replaces MS08-033 :: SP3: replaces MS08-033 call :download http://download.microsoft.com/download/3/1/4/31488E52-F4E1-43EB-9745-5D0D1F156685/WindowsXP-KB961373-x86-ENU.exe :: MS09-014 - Critical :: Cumulative Security Update for Internet Explorer (963027) :: SP2: replaces MS08-073, MS08-078 :: SP3: replaces MS08-073, MS08-078 call :download http://download.microsoft.com/download/6/8/3/683EF04C-F675-4A52-A2E4-86B01C484F22/WindowsXP-KB963027-x86-ENU.exe :: MS09-012 - Important :: Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) :: SP2: replaces MS07-022, MS08-002, MS08-064 :: SP3: replaces MS08-064 call :download http://download.microsoft.com/download/1/7/8/17850352-F46F-46C9-97DF-14CB73461B16/WindowsXP-KB952004-x86-ENU.exe call :download http://download.microsoft.com/download/F/E/3/FE3F2F03-8128-4912-B079-7EF283013BD9/WindowsXP-KB956572-x86-ENU.exe :: MS09-015 – Moderate :: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) :: SP2: replaces MS07-035 :: SP2: replaces MS07-035 call :download http://download.microsoft.com/download/4/D/0/4D0E640D-5297-4F86-BB59-06350DF73AA8/WindowsXP-KB959426-x86-ENU.exe if not exist "%builddir%\I386\sp3.cab" ( :: http://support.microsoft.com/kb/936929 : Windows XP Service Pack 3 call :download http://download.microsoft.com/download/d/3/0/d30e32d8-418a-469d-b600-f32ce3edf42d/WindowsXP-KB936929-SP3-x86-ENU.exe set KB936929=!rv! if "!KB936929!" == "" ( echo Unable to determine SP3's filename goto :eof ) if not exist "%hotfixdir%\!KB936929!" ( echo File not found: '%hotfixdir%\!KB936929!' goto :eof ) echo Integrating !KB936929!... ::echo start "%hotfixdir%\!KB936929!" /wait "%hotfixdir%\!KB936929!" /integrate:"%builddir%" %options% start "Integrating !KB936929!..." /wait "%hotfixdir%\!KB936929!" /integrate:"%builddir%" %options% set e=%errorlevel% :: 3010 = reboot required if not "!e!" == "3010" ( if errorlevel 1 ( echo !KB936929! returned error %e% goto :eof ) ) ) for %%a in ("%hotfixdir%"\Windows*.exe) do ( for /f "delims=- tokens=2" %%b in ("%%a") do ( set kb=%%b ) if /i not "!kb!" == "KB936929" ( if not exist "%svcpackdir%\!kb!.cat" ( echo Integrating %%a... ::echo start "%%a" /wait "%%a" /integrate:"%builddir%" %options% start "Integrating %%a..." /wait "%%a" /integrate:"%builddir%" %options% set e=%errorlevel% :: 3010 = reboot required if not "!e!" == "3010" ( if errorlevel 1 ( echo %%a returned error %e% goto :eof ) ) ) ) ) echo. echo The directory '%builddir%' has been successfully updated. echo. goto :eof :download for /f "delims=/ tokens=8" %%a in ("%1") do set exe=%%a set rv=%exe% if "%rv%" == "" ( echo Unable to parse the filename from "%1" goto :eof ) if exist "%hotfixdir%\%rv%" goto :eof %DOWNLOADER% %1 :loop cls echo.|time|find "current" echo Waiting for "%hotfixdir%\%rv%" to appear echo or press [Ctrl]-[Break] to abort... ping -w 1000 -n 2 127.0.0.1 >nul 2>nul if not exist "%hotfixdir%\%rv%" goto :loop cacls "%hotfixdir%\%rv%" /T /E /C /G "%USERNAME%":F goto :eof