All the latest UK technology news, reviews and analysis
|
|
|
12 Aug 2010
Users of Windows XP Service Pack 2 (SP2) may still be able to get security updates, despite the lack of Microsoft support, thanks to a hack rediscovered by researchers at F-Secure.
SP2 users trying to upload security updates now get an error message, but the team at F-Secure remembered an old hack that gamers used to run Grand Theft Auto on older Windows systems.
Altering the registry code by one digit fools Microsoft's servers into accepting the host system as running SP3, and allows the installation of current security patches.
"It turns out that an SP2 system will think it's SP3 if you edit this key: HKLM\System\CurrentControlSet\ Control\Windows, and edit the DWORD value CSDVersion from 200 to 300 (and reboot)," said F-Secure in a blog post.
"It worked for Grand Theft Auto IV, so we decided to test it with KB2286198 and our test worked. WindowsXP-KB2286198-x86-ENU.exe installed on our SP2 test system once we tweaked the registry. We also tested an LNK exploit, and it did not infect the system after the patch."
Microsoft is urging users of older versions of XP to upgrade, but many are proving slow to do so.
Security consultant Dale Pearson said that, while the hack seems to work, users should not expect such easy fixes in the future.
"I recommend people carry out their own testing and then, if appropriate, look to apply this patch as an interim measure," he said.
"However, it is still important to update your systems to XP Service Pack 3 or to Windows 7, as this issue will continue and you may not be so lucky next time."
Latest stories from Operating Systems
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Lead PHP Developer - Technical Architect - Ecommerce...
C# Software Engineers required to join rapidly expanding...
Java / J2EE Software Engineers required to join rapidly...
Developer (MIS / Business Systems - SQL / T-SQL, HTML...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
So many dependent patches
What about the patches that depend on file versions "fixed" or "modified" by SP3. The only person that will be fooled is the person that tries using the SP4 registry key.(XP puts all patches to the OS dependant on SP3 under the SP4 key. Yes I know there won't be an SP4 for XP, only in my dreams. - F -
Posted by: FDunn 13 Aug 2010
These workarounds must absolutely only be viewed as a temporary fix
Dale hits the nail on the head here ? at the very best this kind of workaround is an interim measure. If organisations are to ensure their systems and applications are protected on an ongoing basis, the only long-term solution is to migrate to a supported OS. Given the number of security patches issued by Microsoft this week and the fact the eight of them were rated as critical, it?s clear that the security vulnerabilities of Windows 2000 and XP SP2 are only going to become more evident as time goes on. By avoiding the issue with this kind of hack and putting off a necessary migration, it could open up new and unforeseen vulnerabilities that, in the long term, could prove extremely costly. This kind of hack is not efficient or effective in the mid or long-term and given the benefits of migrating to Windows 7 in terms of security, functionality and enhanced browser capabilities, such workarounds must absolutely only be viewed as a temporary fix. Greg Lambert, ChangeBASE
Posted by: Greg Lambert, ChangeBASE 12 Aug 2010