XP Security Updates still available

[cabri]

http://www.businessinsider.com/hack-tricks-xp-into-security-updates-2014-5

Someone found a simple trick that forces Microsoft into sending security updates to Windows XP machines.

...

write a few lines of code and make Windows XP install updates anyway. This trick makes Windows Update think that the device is running a version of Windows XP that is still supported by Microsoft and will be for another five years. That's a version known as Windows Embedded POSReady

MS response

We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.

 

[nemesismk2]

I have used this information above with a new copy of windows xp, i first updated all of the microsoft patches and activated the copy of windows. i then did a full scan with malwarebytes premium to make sure that everything was 100% virus free which it was.

I then used the information above and made changes to the registery.

I then ran my windows update which downloaded the following:-

Windows XP Embedded Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2953522) 29 May 2014 Microsoft Update

Windows XP Embedded Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2931365) 29 May 2014 Microsoft Update

Windows XP Embedded Security Update for WEPOS and POSReady 2009 (KB2926765) 29 May 2014 Microsoft Update

Windows XP Embedded Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 (KB2932079) 29 May 2014 Microsoft Update

I then rebooted and i did another malwarebytes premium scan which didn't detect anything wrong.

 

[Ketchup]

Worked on my VM.

 

[WackyDan]

Point is...You won't get all the XP focused security patches and I'd dam well steer clear of the patches for XP embedded on an XP box.

I'm still running some XP virtual machines, but I've made them persistent. Don't care if they get infected as they reset on the next boot.

 

[nemesismk2]

just got the next patches for windows xp which are:-

Security Update for WEPOS and POSReady 2009 (KB2957509)
Security Update for WEPOS and POSReady 2009 (KB2939576)
Security Update for WEPOS and POSReady 2009 (KB2957503)
Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2957689)
Windows Malicious Software Removal Tool - June 2014 (KB890830)

 

[nemesismk2]

I wouldn't advise using these windows xp updates because they wrecked my copy of windows xp. i would use windows 7 instead because it's a very good operating system.

 

[corkyg]

XP that has MSE installed prior to the drop dead date will continue to get daily updates to malware definitions, and the monthly Malicious Software Removal scan.