cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

General Discussions

kingfish
MVP
‎05-20-2019 03:32 PM

Not Dead Yet: Microsoft Issues Critical Security Patch for Windows XP

The incredible success of Windows XP has been something of a double-edged sword for Microsoft. On one hand, it dominated the desktop PC space for years with that OS, but it also struggled to move beyond XP. After trying for years to end update support, Microsoft finally retired XP five years ago. And yet, Microsoft just found a bug so severe that it has issued another patch for the aging operating system. The remaining Windows XP users out there might never know it exists, though.

Microsoft has only provided vague details of the vulnerability, saying that it affects the Remote Desktop component of Windows. The Remote Desktop Protocol (RDP) Microsoft uses isn’t vulnerable, but the flaw lies in the underlying implementation of remote desktop functionality. Thus, it’s “pre-authentication” and requires no user interaction. Microsoft says that makes the vulnerability “wormable,” meaning it could spread from one vulnerable computer to the next as the WannaCry malware did in 2017.

The vulnerability affects several Windows products including Windows 7, Windows Server 2008, Windows Server 2003, and Windows XP. Of those, only Server 2003 and XP are completely out of support. Windows 8 and newer are not affected. Systems that currently get updates will have the patch routed through Windows Update. Windows XP and Server 2003 users will need to manually download and install it, which very few of them are likely to do. Microsoft advises XP users to upgrade, but anyone still using XP probably has a reason even if that reason is just extreme laziness.

Microsoft headquarters

Even though Microsoft has not disclosed the exact flaw, even pointing people to the remote desktop functionality all but ensures that someone will devise an attack in the coming days. Security experts expect to see fully automated attacks based on this vulnerability that could spread any kind of malware imaginable.

It would be much worse for Microsoft if the remote desktop vulnerability existed in modern versions of Windows, but it’s still not great news that Windows XP has such a flaw. The global market share of the 2001 operating system still hovers between three and four percent. That means tens of millions of PCsSEEAMAZON_ET_135 See Amazon ET commerce still run XP, and most of them are in industrial facilities, hospitals, and businesses where they control vital applications that don’t work on newer systems. Anyone running outdated versions of Windows can head to the Microsoft website to install the patch, which clocks in around half a megabyte in size.

Not Dead Yet: Microsoft Issues Critical Security Patch for Windows XP - ExtremeTech 

2 Replies
black_zion
MVP
‎05-20-2019 06:27 PM

The scary thing is that most of these devices are in hospitals and businesses, carrying all our personal data. Honestly the US and the EU should declare XP a national security emergency and require Microsoft to maintain it.

pokester
In response to black_zion
MVP
‎05-28-2019 03:58 PM

Especially since Windows for embedded systems was the same as XP ans was supported for several years after XP. You can actually download the unofficial service pack 4 for XP which are the security updates that were for the other os that patch XP just fine. This is also a great time to make sure that you had also patched the WannaCry vulnerability from a couple years ago if you didn't on XP.

0 Likes