Release Date: June 2009
Architecture: x86 (32-bit)
Language: PTB (Portuguese - Brazil)
Classification: Critical Security Update
The Core Issue
Users reported that after installing certain security updates or running specific JavaScript-heavy web applications (often legacy corporate intranet portals or old banking sites), Internet Explorer would exhibit one of the following symptoms: windows xp kb 968730 x86 ptb hotfix
Faulty display of PNG images with alpha transparency – Images would appear with black or checkered backgrounds instead of proper transparency.
GDI object leaks – The Graphics Device Interface (GDI) would fail to release handles for certain web controls, leading to a gradual system slowdown.
Application hangs when printing – Attempting to print a webpage containing complex tables or nested frames would cause IE to freeze, requiring a process kill.
Win32k.sys (a kernel-mode driver for window management and GDI)
Uninstallation / Rollback
If the hotfix includes an uninstaller, use Add/Remove Programs to uninstall it.
If not, restore the system from the System Restore point or your full backup.
If files were replaced, manual replacement from backups may be necessary.
What is KB968730? A Technical Breakdown
Prerequisites
Windows XP Service Pack 2 or 3 (SP3 recommended). The hotfix checks your winver build.
Brazilian Portuguese system locale – Go to Control Panel > Regional and Language Options > Advanced. Ensure "Portuguese (Brazil)" is selected.
Administrator privileges – You must be logged in as an admin.
Backup – Create a System Restore point or image the drive.
Windows XP KB968730 x86 PTB Hotfix: A Deep Dive into a Forgotten Patch
The Core Problem It Solved
According to archived Microsoft documentation, KB968730 addressed a rendering and input issue specific to the Brazilian Portuguese version of Windows XP. The bug manifested when users performed the following actions: Faulty display of PNG images with alpha transparency
Using the Brazilian Portuguese keyboard layout (ABNT2) in specific legacy applications (e.g., DOS-based shells or early .NET Framework 1.1 apps).
Attempting to save files with special characters like ç, ã, õ, â, ê, ô in system paths or registry keys.
Running system utilities (e.g., Regedit, Event Viewer) where the user interface would display garbled text instead of proper Portuguese diacritics.
The root cause lay in the Unicode conversion layer between Windows XP’s core (which uses UTF-16) and the ANSI code page 1252 (Western) that many older apps still relied on. Brazil uses Code Page 860 (MS-DOS Portuguese) and 1252, but the hotfix corrected a mismatch in the multibyte-to-wide-character translation routines within kernel32.dll and user32.dll for PTB locales.
7. Recommendation
Do not seek this hotfix unless you are running a legacy, air-gapped XP system that cannot be updated or replaced.
If you are experiencing the described MSI dynamic property bug on XP, consider migrating the installation logic to a more modern OS (e.g., Windows Embedded POSReady 7 or Windows 10 LTSC) instead.
Security Warning: Installing an unverified copy from a third-party site risks malware infection. Always verify the digital signature of msi.dll after installation.
2. Technical Details
The core issue addressed by KB968730 is identified under the security bulletin MS09-028. The vulnerability is specifically located within the Microsoft DirectShow component, which handles media streaming and rendering.
Vulnerability Name: Microsoft DirectShow Video Control Vulnerability (CVE-2009-1537).
Mechanism: The vulnerability exists due to the way DirectShow handles certain media format headers. When processing a malformed video file (such as an AVI or ASF file), the software performs insufficient validation of data structures. This can lead to a buffer overflow condition.
Impact: An attacker who successfully exploits this vulnerability can execute arbitrary code with the privileges of the logged-in user. If the user is logged in with administrative rights, the attacker could take complete control of the system.