Tag Archives: Operating system

Microsoft

Windows XP hack resurrects patches for retired OS

Leave a comment

But security researcher who tried the hack isn’t sure the fixes will actually keep exploits at bay

A simple hack of Windows XP tricks Microsoft’s update service into delivering patches intended for a close cousin of the aged OS, potentially extending support for some components until 2019, a security researcher confirmed today.

What’s unclear is whether those patches actually protect a Windows XP PC against cyber criminals’ exploits.

The hack, which has circulated since last week — first on a German-language discussion forum, then elsewhere as word spread — fools Microsoft’s Windows Update service into believing that the PC is actually running a close relation of XP, called “Windows Embedded POSReady 2009.”

Unlike Windows XP, which was retired from security support April 8 and no longer receives patches, Embedded POSReady 2009 is due patches until April 9, 2019.

As its name implies, POSReady 2009 is used as the OS for devices such as cash registers — aka point-of-sale systems — and ATMs. Because it’s based on Windows XP Service Pack 3 (SP3), the last supported version of the 13-year-old OS, its security patches are a superset of those that would have been shipped to XP users if support was still in place. Many of POSReady 2009’s patches are similar, if not identical, to those still offered to enterprises and governments that have paid Microsoft for post-retirement XP support.

Jerome Segura, a senior security researcher at Malwarebytes, an anti-malware software vendor, tried out the hack and came away impressed.

“The system is stable, no crashes, no blue screens,” Segura said in an interview, talking about the Windows XP virtual machine whose updates he resurrected with the hack. “I saw no warnings or error messages when I applied patches for .Net and Internet Explorer 8.”

The Internet Explorer 8 (IE8) update Segura applied appeared to be the same one Microsoft released May 13 for other versions of Windows, including POSReady 2009, but did not deliver to Windows XP.

But although he has run the hacked XP for several days now without any noticeable problems, he wasn’t willing to give the trick a passing grade.

“[POSReady 2009] is not Windows XP, so we don’t know if its patches fully protect XP customers,” Segura said. “From an exploit point of view, when those vulnerabilities are exploited in the wild, will this patch protect PCs or will they be infected? That would be the ultimate proof.”

Microsoft, not surprisingly, took a dim view of the hack.

“We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers,” a company spokesperson said in an email. “The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.”

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

Microsoft, Tech, Windows XP

Windows 8 Update: Operating system is cooked, sent to manufacturers

Also, Microsoft knows Surface is ticking off the OEMs, Windows Store is open to third-party apps

Businesses seriously considering Windows 8 can get a copy of the final version starting Aug. 15 so long as they have a subscription to TechNet, Microsoft’s resource for technical information.

This means they can test and evaluate the product in order to make decisions about when and if to migrate to the new platform, which officially launches Oct. 26.

 

Cisco CCNA Training, Cisco CCNA Certification
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Businesses without a TechNet subscription can get the final Windows 8 version Aug. 16 if they have a current Microsoft Software Assurance contract. The software will be accessible via the Microsoft Volume License Service Center. On the same day, the software will become available to Microsoft Partner Network members.

On Aug. 20, Windows 8 access is given to Microsoft Action Pack Providers who build services and products around Microsoft products. On Sept. 1, volume license customers that don’t have Software Assurance contracts can get Windows 8 via Microsoft Volume License Resellers.

Beyond all these upcoming deadlines, Microsoft this week officially released the final Windows 8 build to manufacturers, meaning they can start installing it on Windows 8 hardware, prepping for the official launch when devices with the operating system loaded go on sale.

This is just the start of a potentially busy time for Microsoft customers. Also released to manufacturer this week were Windows Server 2012 and Internet Explorer 10, both of which are also of interest to Microsoft shops. Server 2012 launches Sept. 4 and anchors what Microsoft describes as a cloud operating system. This is a tight integration between Server 2012 and Microsoft’s Azure cloud services, making it simpler to set up flexible data centers using traditional corporate infrastructure, private clouds and public clouds.

In a filing with the Security and Exchange Commission Microsoft stated the obvious — that selling its own Surface laptop/tablets will make its OEMs very unhappy.

“Our PC hardware products face competition from computer and other hardware manufacturers, many of which are also current or potential partners,” the Form 10-K says. “In addition, our Surface devices will compete with products made by our OEM partners, which may affect their commitment to our platform.”

That sounds like Microsoft expects the OEMs to be less than enthusiastic about slapping Microsoft operating systems on the hardware they make — not a good frame of mind for them to have if you’re launching a new operating system that depends in large part on OEMs licensing a lot of the software.
Windows Store opens for apps

Along with the release of the final version of Windows 8, the Windows Store is now accepting Metro-style applications from developers. There is a vetting process by Microsoft to approve any app that is accepted for sale in the store with the idea that if properly written, Metro apps will work well on Windows 8 machines, won’t slow them down and will be less likely to contain malware.

Note: In order to submit to the store, developers must have the release to manufacturer version of Windows 8.
iPad may be the default holiday gift

The excitement over Windows 8 on tablets may do more to confuse customers than it will do to actually sell the devices, according to an IDC report on the sale of iPads in Q2 of this year.

iPads crushed the competition, scoring 68.2% of all tablet shipments, the research firm says. With the iPad, Kindle Fire and Nook Tablet already available, and then Windows 8 and Windows RT devices going on sale in October, consumers may become confused.

“If anything, there’s a real risk that people will have too many options from which to choose this holiday season,” says Bob O’Donnell, IDC’s program vice president for clients and displays. “Consumers baffled by the differences between Amazon and Google versions of Android, or Windows 8 and Windows RT, may well default to market leader Apple. Or they may simply choose to remain on the sideline for another cycle.”

Cisco CCNA Training, Cisco CCNA Certification
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com