Microsoft Warns Against XP Hack for Updates

Photo credit: 360b/

A new hack that tricks Microsoft update servers into sending security patches to outdated XP machines is a dangerous path to go down, the Redmond giant is warning.

Microsoft discontinued support for the 13-year-old Windows XP back in April, leaving millions of machines open to zero-days that will never be fixed. Despite months of warnings about an oncoming hacker apocalypse for XP users and ongoing, high-profile articles in news outlets like this one, users are persisting in sticking with XP as an operating system, either out of budget constraints or a fear of change.

The “hack” is a small change to the Windows XP registry that makes the machine look like a Windows version that is still supported until 2019. The folks at BetaNews figured it out and detailed how to accomplish it.

There’s only one issue: the updates that Microsoft will be pushing out won’t be addressing any flaws that are specific to XP itself.

“The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers,” Microsoft said in a statement released to ZDNet. “Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.”

Explaining the issue in more detail, Jerome Segura, senior security researcher for Malwarebytes, told Infosecurity that users are getting more than they bargained for – in a bad way.

“This hack is remarkably simple because it only takes adding one registry key and then, all of a sudden, Windows Updates thinks you are running an XP subversion,” he said. “Users that apply the hack will see patches that are not going to be released for the XP mainstream version, such as an important security update for IE8. While it may be tempting to use this hack, users should bear in mind that Microsoft did not intend for those upcoming updates to be applied on regular XP. In other words, you are entering into an unfamiliar territory at your own risk.”

He continued: “The hack is interesting and certainly people will try it out for fun, but it should not be considered a viable option for businesses or consumers. Instead, you should plan on migrating to a newer, and supported, platform.”

Although Microsoft officially discontinued support for XP as of April 8, it appears to be considering patches as needed. For instance, a zero-day affecting Internet Explorer and more than a quarter of internet users prompted Microsoft to release an out-of-band security patch in May – including an auto-update for Windows XP users. The threat would seem to be too great for it to take a hard line on not issuing a patch, as it was found that the attackers are specifically targeting XP users running IE8.

Obviously, the best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1. But it’s estimated that a significant chunk of PCs could still be using the XP platform. Trend Micro pegged it to be 32% of PCs in early April; Net Applications, which tracks use patterns in the PC market, put the number at a relatively similar 27.69% as of March 2014. Those percentages are sure to have come down a bit by now, but it’s a sure bet that the platform is not yet uncommon.

Bearing out that unwillingness to change, the hack will surely appeal, despite Microsoft’s warning.

“The fundamental issue here is looking backwards at technology that feels comfortable,” Steve Hultquist, CIO and vice president of customer success for RedSeal Networks, told Infosecurity. “Windows XP was released to manufacturing in August, 2001, when a T1 (1.5Mbps) was considered high-speed – and technology has accelerated rapidly in the past 15 years. Similarly, it's simpler to focus on the historically understood aspects of security such as firewalls, but the complexity of the internet and enterprise networks means that you must have systems to analyze your overall, end-to-end network to know what you have and know the potential for attack. Don't compromise. Use the current tools to stay safe and get the job done effectively.”
