Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Windows XP hack resurrects patches for retired OS

Gregg Keizer | May 29, 2014
But security researcher who tried the hack isn't sure the fixes will actually keep exploits at bay.

That last sentence was puzzling. While Microsoft would almost certainly not test POSReady 2009's patches on a Windows XP system, it would have tested the XP patches it crafted for its post-retirement support clients. And from all the evidence, POSReady 2009 is, at its heart, Windows XP SP3.

"The core of [Embedded POSReady 2009] is pretty much the same as Windows XP," said Segura.

Microsoft itself makes that plain on its own website. In one document, Microsoft stated that POSReady 2009 offers "full Win32 compatibility" with Windows applications.

While Microsoft urged XP users to steer clear of the hack and instead ditch the old OS for "a more modern operating system, like Windows 7 or Windows 8.1" -- Segura pointed out that wasn't always possible, often for financial reasons. "If someone is going to stick with XP [the hack] is better than doing nothing, better than not having any patches," Segura said.

"But there are better alternatives," he continued. "Don't use IE for one thing. Use an alternate browser -- Chrome are Firefox are going to still support XP -- and there are security products, including our anti-exploit products, that still run on XP. Those would be much better than the hack."

The POSReady 2009 hack wasn't the first end-around Windows XP users have found for patching their PCs. In August 2010, after Microsoft required customers to upgrade from XP SP2 to SP3 to continue to receive security updates, a security adviser with antivirus vendor F-Secure revealed a Windows registry hack that tricked Windows Update into "seeing" an XP SP2 PC as an XP SP3 system.

Segura was curious how Microsoft would deal with the hack. "It's so easy to get the patches," he said. "Did Microsoft miss something? Will they do additional validation [to block the hack]? Can they?"

Instructions on how to apply the hack can be found on the Web, including this piece by Martin Brinkman on his Ghacks blog last Saturday.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.