A Hacker Found An Easy Trick To Get Security Fixes For Windows XP, And Microsoft Is Not Amused
It's not a perfect fix, but it's easy enough that anyone could do it, if they dare.
To recap: On April 8, Microsoft officially pulled the plug on Windows XP, the most popular version of Windows ever that launched more than 12 years ago. It had stopped selling XP back in 2010 and had been warning people for years that it would stop fixing security bugs found in the operating system.
Microsoft and many security vendors were treating the end of support as if it were some kind of PC Armageddon. But people and companies (particularly small businesses) have been reluctant to give up their perfectly functioning XP PCs and upgrade to new Windows machines running Windows 8 or even Windows 7. Even now, XP runs more than a quarter of the PCs on the Internet, 26%, according to Net Marketshare.
So Wayne Williams at Betanews showed people how to write a few lines of code and make Windows XP install updates anyway. This trick makes Windows Update think that the device is running a version of Windows XP that is still supported by Microsoft and will be for another five years. That's a version known as Windows Embedded POSReady.
All you have to do is following Williams' instructions below:
Create a text document, and call it XP.reg. You'll need to make sure .reg is the proper extension -- so not "XP.reg.txt". If it's not showing up as a registry file, open any folder, go to Tools > Folder Options, select View and uncheck 'Show hidden files and folders'. That should fix the problem.
Right-click the file, and select Edit. Paste in the following:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
Save it, and then double-click the file. That will make that change to the registry. That's all you need to do. Windows will now automatically fetch updates designed for POSReady 2009, ensuring XP remains protected for the foreseeable future.
If you try this, whenever Microsoft fixes a security problem in XP embedded, your PC will get that update.
Of course, Microsoft is now aware of this hack so we'll see how long it lasts. The company isn't happy. It wants you to upgrade your Windows machine or buy a new one.
When ZDNet's Larry Seltzer verified that the hack worked, Microsoft sent him this statement, warning people not to try it.
We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.
And Microsoft has a point. The PC world has changed a lot in 12 years and newer versions of Windows are faster and more secure. But those who want to brave the risk of holding onto their Windows XP machines may be daring enough to give this hack a go, too.