The "fixes" won't address all XP flaws and leave users wide open.
A new hack that tricks Microsoft update servers into sending security patches to outdated XP machines is a dangerous path to go down, the Redmond giant is warning.
Microsoft discontinued support for the 13-year-old Windows XP back in April, leaving millions of machines open to zero-days that will never be fixed. Despite months of warnings about an oncoming hacker apocalypse for XP users and ongoing, high-profile articles in news outlets like this one, users are persisting in sticking with XP as an operating system, either out of budget constraints or a fear of change.
The “hack” is a small change within the Windows XP registry that makes it look like Windows versions that are still supported until 2019. The folks at BetaNews figured it out and detailed how to accomplish it.
There’s only one issue: the updates that Microsoft will be pushing out won’t be addressing any flaws that are specific to XP itself.
“The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers,” Microsoft said in a statement released to ZDnet. “Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.”
Explaining the issue in more detail, Jerome Segura, senior security researcher for Malwarebytes, told Infosecurity that users are getting more than they bargained for – in a bad way.
“This hack is remarkably simple because it only takes adding one registry key and then, all of a sudden, Windows Updates thinks you are running an XP subversion,” he said. “Users that apply the hack will see patches that are not going to be released for the XP mainstream version, such as an important security update for IE8. While it may be tempting to use this hack, users should bear in mind that Microsoft did not intend for those upcoming updates to be applied on regular XP. In other words, you are entering into an unfamiliar territory at your own risk.”
Read more: http://www.infosecurity-magazine.com/view/38612/microsoft-warns-against-xp-hack-for-updates/