Microsoft warns against registry hack that allows Windows XP updates

Yesterday news came out that a registry hack would allow Windows XP users to still receive critical security updates, despite the OS being no longer supported. Now Microsoft is publicly warning folks against using this method to update their machines.

The registry hack would allow XP users to mask the fact their machines were using an unsupported OS. Microsoft’s update servers would register the machines as using Windows Embedded POS Ready 2009, a version supported until 2019. Users would then be able to download certain updates; however it’s not clear which updates would actually work or fix anything as the operating systems differ from one another.

On this note Microsoft has released a statement to ZDnet warning users to not use this hack. The company says this will likely do more harm than good.

The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.

It’s pretty obvious why Microsoft released this statement. After all, it’s not like they’d urge users to go on hacking their machines and misleading the company’s update servers. Then again, they do have a point in that these updates aren’t tested against XP which can create problems, and may not even offer any protection to those systems that employ it.

Windows XP, which is now well over twelve years old, stopped receiving updates over a month ago, though some institutions are paying Microsoft a lot of money to continue pushing out limited availability updates. For everyone else however, the best course of action would be upgrading to Windows 7 or 8. 

Source: ZDNet via: The Guardian | Image via ZDNet

Report a problem with article
Previous Story

Twitter is NOT releasing all of your data to every scientist on the planet

Next Story

Avast forums forced offline by weekend hack attack, 400,000 users affected

63 Comments

Commenting is disabled on this article.

With my customers, I use the car analogy, which goes like this (even an accountant can understand this one): You have a 15 year old car which still runs fine, most of the time. Occasionally you need to buy some spare parts to keeps it running that way. At somepoint the car manufacturer says No More Spare Parts, but you like the car, it serves you well and it still does what it is supposed to do for you. So you soldier on getting spare parts from scrap dealers and junk yards, until one day, a part in the seat belts breaks and you can't source it from anywhere. Leave aside the legalities of driving without a seat belt for the moment, but you are now driving an XP!

I'll be glad when they stop doing updates full stop, $$s or no-$$s.

Then perhaps XP can be finally put in a place where it rightly deserves to rest in peace, and not constantly dragged out by the weak few that, in their own worlds, refuse to upgrade due to the same old tired "business" reasons we hear again and again. Yawn.

This is quite funny really. Microsoft is still supporting XP, just not officially. By cutting off direct support for consumers while at the same time providing it for paying businesses and XP variations like Embedded, it just makes them look punitive and money grubbing.

simplezz said,
This is quite funny really. Microsoft is still supporting XP, just not officially. By cutting off direct support for consumers while at the same time providing it for paying businesses and XP variations like Embedded, it just makes them look punitive and money grubbing.

They should cut support completely, no paid support, no support for embedded versions, just end it. If companies are still so stupid that they won't upgrade that should be their problem.

simplezz said,
This is quite funny really. Microsoft is still supporting XP, just not officially. By cutting off direct support for consumers while at the same time providing it for paying businesses and XP variations like Embedded, it just makes them look punitive and money grubbing.

Embedded versions always receive longer support than their consumer counterparts.

Should be interesting to see how long it takes for XP systems using this to sink. Oh well, that is the risk you run while modifying the OS to use an update channel not intended for the OS.

I think i'm going to use this to do monthly updates on an XP VM and see if anything ever breaks :D .. I'm really doubting anything will.

It only took me 5 seconds to see this being the result after reading about the hack... Seriously, people need to let go of XP already... Even if you don't like Win8, Win7 is so much better than XP it's not even funny. People just need to bite the bullet already and upgrade (or get a new machine)... I mean, I could see people "not letting go" if they couldn't afford to upgrade... but seriously, if you can afford it, just suck it up and do it already. The world's not going to end because you have to learn to use something new. Why are people so afraid of such a miniscule change in their way of life as an OS upgrade?!

Easy for you to say. You do not run a business or have an anal cost accountant who knows jack about IT dictate your job and decide when to upgrade. You never worked for an owner whose wife shopping sprees and new trucks every other year always put your budget to the backseat.

Oh if it gets hacked it is still your fault you lazy no good cost center! Secure it or I will find someone else who will? This solution might be an idea for these users

sinetheo said,
Easy for you to say. You do not run a business or have an anal cost accountant who knows jack about IT dictate your job and decide when to upgrade. You never worked for an owner whose wife shopping sprees and new trucks every other year always put your budget to the backseat.

Oh if it gets hacked it is still your fault you lazy no good cost center! Secure it or I will find someone else who will? This solution might be an idea for these users

As I said above, Enterprise would never deploy this. Sorry. Upgrade or die.

sinetheo said,
.... anal cost accountant who knows jack about IT dictate your job and decide when to upgrade. You never worked for an owner whose wife shopping sprees and new trucks every other year always put your budget to the backseat.....

These folks deserve there comeuppance and you probably shouldn't work for them anyway.

Dot Matrix said,

As I said above, Enterprise would never deploy this. Sorry. Upgrade or die.

Many are not nor are they paying for support. The good ones yes but my county did not upgrade. Money just not there

Lord Method Man said,
People obsessively trying to keep Windows XP going are not unlike necrophiliacs. The basic principal is the same.

So continuing to use Windows XP is the same as having sex with dead people?

It makes me facepalm knowing there are organisations so behind that they are paying to have limited updates for them to keep functioning.

Actually it's not a different OS. Just another version of the same OS. Embedded is based on XP Pro - the core it's the same, but the system was optimized for it's real purpose. So it's possible that updates works perfect, or not.
I also believe that Microsoft may put some updates wich could intentionally affect system stabilty for those using the hack. Just use some extra code in the installer to detect the real version of the system - not based only on that key. And if detect this is not ok to install some bad code to kill the system. This is possible.
However, it's also possible even for enerprise to play with this - as it can be installed on one machine - tested each update and if ok to distribute to the others.

eiffel_g said,
Actually it's not a different OS. Just another version of the same OS. Embedded is based on XP Pro - the core it's the same, but the system was optimized for it's real purpose. So it's possible that updates works perfect, or not.
I also believe that Microsoft may put some updates wich could intentionally affect system stabilty for those using the hack. Just use some extra code in the installer to detect the real version of the system - not based only on that key. And if detect this is not ok to install some bad code to kill the system. This is possible.
However, it's also possible even for enerprise to play with this - as it can be installed on one machine - tested each update and if ok to distribute to the others.

Enterprise would be IDIOTS do deploy this, and they're not going to. Would you want to be the guy to walk up to the boss, and ask to apply the registry cheat to corporate systems, to receive updates for a separate OS, with the chance that things may break completely, and which they aren't even licensed to run?

Enterprises are used SA, and don't care about ancient OS. Only problems with old POS machines or ATM's. Mostly whinings comes from stupid users, still siting on XP.

If people want to do this hack let them run the risk. I doubt the common consumer would be smart enough to do this.

wv@gt said,
If people want to do this hack let them run the risk. I doubt the common consumer would be stupid enough to do this.

There, fixed that for you ;)

xdot.tk said,
It's just FUD from MS.

Sounds that way. They don't want people getting free updates when there's a ton of money to be made on `extended support`.

simplezz said,

Sounds that way. They don't want people getting free updates when there's a ton of money to be made on `extended support`.

You do realize the costs associated with maintaining older codebases plus keeping support analysts trained to support out of support products?

Plus consider the user base. I'm not certain there are a magnitude more users on workstations running XP, but definitely less POS variations than the infinite number of combos XP can go on.

I'm no advocate of forcing every human on this planet off XP, but I recognize that supporting outdated software is a costly expense. Support contracts on the *nix side isn't that different either for business critical flavours of *nix.

xdot.tk said,
It's just FUD from MS.

It's not just FUD, as I said on the previous article, XP embedded is a sub-section of all the XP components, that means if there's a bug with a part of XP that's not in XP embedded, a 'registry hacked' version will still remain vulnerable.

simplezz said,

Sounds that way. They don't want people getting free updates when there's a ton of money to be made on `extended support`.

Extended support already ended.

xdot.tk said,
It's just FUD from MS.

It's not FUD. POS 2009 != WinXP. They're two different systems. "Based off of" does not equal "same".

Denis W. said,

You do realize the costs associated with maintaining older codebases plus keeping support analysts trained to support out of support products?

Governments and businesses are already paying Microsoft to do that. The only thing stopping Microsoft sharing those patches with consumers is avarice and the desire to force users to buy new computers running metro.

xdot.tk said,
It's just FUD from MS.
It's just FUD from you.

Imagine you think you know more than Microsoft and think that the different XP editions are the exact same *facepalm*

simplezz said,
Governments and businesses are already paying Microsoft to do that. The only thing stopping Microsoft sharing those patches with consumers is avarice and the desire to force users to buy new computers running metro.

And like he mentioned it's also no different from other operating systems. Even Linux. Either upgrade to a newer version which may or may not run on your system and/or run the software, or pay through the nose for the extended updates. Look at RHEL for a good example, rather expensive.. depending on the hardware it can cost you 5 figures.. per system, per year. They want to recover the cost of their time and labor to support a product that they retired.. just like Microsoft. (Or any other business for that matter) Imagine that. And that's completely glossing over that they're not the same operating system.. "based on" is a big difference from "same thing."

xdot.tk said,
It's just FUD from MS.

Well not exactly FUD, it's true they have not tested it, but it probably doesn't matter that they tested it or not.
I don't really care if people use XP, they should just know that it is unsupported and if they still want to use it, it's fine.

Man, some of you peeps. Do you actually believe for one minute that MS started making different XP updates after May 1st? One set for CSA customers and a different set for POS systems?

I know that a lot of you cant stand the fact that XP will continue to get patched but please don't let it take away your common sense. It's just software folks. Nothing to get upset over.

xdot.tk said,
Man, some of you peeps. Do you actually believe for one minute that MS started making different XP updates after May 1st? One set for CSA customers and a different set for POS systems?

You're working under the assumption that the software is 100% identical. Chances are it's not. A lot of the guts, sure, it's common. But 100%? As you mentioned in your thread, you also claimed to have used 2K3 (also based on XP) on an actual XP installation. How do you think it'll react when say the kernel gets patched for a vulnerability when it's a different version entirely? Can you guarantee that each and every subsystem in the POS version is identical? Well, I guess you can since you claim to have the source.

xdot.tk said,
Man, some of you peeps. Do you actually believe for one minute that MS started making different XP updates after May 1st? One set for CSA customers and a different set for POS systems?

Actually, yes. Since XP is no longer supported, these patches are no longer QA'd to work on XP. Remember, you're not receiving Windows XP updates, you're receiving POS2009 updates now, because that is what you're telling the WU server you are running. As we described above, they are NOT the same operating systems.

Dot Matrix said,

Actually, yes. Since XP is no longer supported, these patches are no longer QA'd to work on XP. Remember, you're not receiving Windows XP updates, you're receiving POS2009 updates now, because that is what you're telling the WU server you are running. As we described above, they are NOT the same operating systems.


XP is still being supported. It's called CSAs. Look it up.

They are for all practical purposes the same OS.

xdot.tk said,

XP is still being supported. It's called CSAs. Look it up.

They are for all practical purposes the same OS.

CSAs don't count. XP is EoL'd, and nothing is going to change that. And no, they are two completely separate versions. Now, I know you don't have the source code for them, so to call them the same, would be incorrect.

Dot Matrix said,

CSAs don't count. XP is EoL'd, and nothing is going to change that. And no, they are two completely separate versions. Now, I know you don't have the source code for them, so to call them the same, would be incorrect.

CSAs do count in this content. We are talking about patches for XP. And yes, I have the source code in it's compiled format and can compare one against the other and see that they are identical...not counting things like removed Movie Maker, etc of course.

xdot.tk said,
And yes, I have the source code in it's compiled format

Uh-huh. In other words the same thing millions of other people have, which isn't source at all. Go Google up a facepalm image for me please, too lazy today.

n_K said,

It's not just FUD, as I said on the previous article, XP embedded is a sub-section of all the XP components, that means if there's a bug with a part of XP that's not in XP embedded, a 'registry hacked' version will still remain vulnerable.

Since there are no more regular updates anymore it would have still been vulnerable anyway.

xdot.tk said,

CSAs do count in this content. We are talking about patches for XP. And yes, I have the source code in it's compiled format and can compare one against the other and see that they are identical...not counting things like removed Movie Maker, etc of course.

Uh-huh. That's not source code.

xdot.tk said,
Man, some of you peeps. Do you actually believe for one minute that MS started making different XP updates after May 1st? One set for CSA customers and a different set for POS systems?

Yea, the only technical difference between the two is the check for embedded at the end of update_SP3QFE.inf.

Yuhong Bao said,

Yea, the only technical difference between the two is the check for embedded at the end of update_SP3QFE.inf.

It doesnt matter. They wont listen. I've been looking closely at patches closely since I started my Windows Updates site back in 2009. I've got both systems on my hard drives and compared each and every file in each system when I first got my hands on POSReady but these 2 have done nothing of sort and think they know better just because MS claims something. If they only knew how sloppy MS is and the constant mistakes they make with their security bulletins, etc. MS is NOT the end all and be all and it's in their best interest to get people to buy Windows 8. What else are they supposed to say? They're a business!

xdot.tk said,

It doesnt matter. They wont listen. I've been looking closely at patches closely since I started my Windows Updates site back in 2009. I've got both systems on my hard drives and compared each and every file in each system when I first got my hands on POSReady but these 2 have done nothing of sort and think they know better just because MS claims something. If they only knew how sloppy MS is and the constant mistakes they make with their security bulletins, etc. MS is NOT the end all and be all and it's in their best interest to get people to buy Windows 8. What else are they supposed to say? They're a business!


I've got XP embedded on an old toshiba laptop... To say XP embedded is full XP is a bit of a joke, my install is 200MB.

n_K said,

I've got XP embedded on an old toshiba laptop... To say XP embedded is full XP is a bit of a joke, my install is 200MB.

Will you people stop making things up. I never said it was 100% identical as you are implying and others have claimed on here. If your install is only 200MB then didn't chose OCs during setup. The image that follows is after removing everything that CCleaner can remove and with IE8 instead of the stock IE7. Both browsers take the same amount of space so it should be a pretty accurate representation.

http://s26.postimg.org/u6gyq0j...g_Oracle_VM_Virtual_Box.png


Windows Embedded POSReady 2009
Based on Windows XP Service Pack 3, this version offers more features over Windows Embedded for Point of Service V1 such as Full Localization and XPF Support if .NET Framework 3.5 or higher installed. It is the first version of Windows Embedded that can use the Windows Update Agent to update an installed and deployed image. Mainstream support ended in April 2014 and extended support ends in April 2019.

http://en.wikipedia.org/wiki/W...dded_POSReady_2009#Versions

It's effectively a Mini XP SP3 image from what I can tell. It clearly received the same updates that XP SP3 did.

xdot.tk said,

Busted! 200MB when a minimum install is 520MB?
http://s26.postimg.org/8y3a8l4...Ready2009_Minimum520_MB.png

In actuality it's just about 600MB right at first boot on a minimum install...
http://s26.postimg.org/65a2ok4..._Minimum520_MBInstalled.png


As I said, XP EMBEDDED, which POS 2009 is based, and no, the minimum XP EMBEDDED, NOT POS 2009 is about 150MB.
POS 2009 is created on XP embedded (as is Windows FLP) and is a fraction of what is in normal XP, as I've said countless times now.

OK Sorry. I missed that but why did you claim I said XP embedded is the same as XP when I never said such a thing?

"To say XP embedded is full XP is a bit of a joke"

MS will just say, you've been warned, and move on. If someone on XP wants to do this and then install some update for Server or Embedded that breaks something for them it's their fault.

Time to upgrade the OS, use a VM with XP on it if you have to run some old apps but at least upgrade your host OS.

I cant imagine a huge number of current XP users are those using home machines, I would expect the majority to be ATMS, system devices and industrial programming machines etc.

I cant imagine any of those admins would risk hacking registry on live systems.

Many corps are sticking with XP and IT needs to keep them secure and running somehow. Small governments and accountants won't let them upgrade as what they have continues to work and it is the IT departments fault, not their XP if they get hacked.

Many IT shops which work with small to medium sized business will keep supporting XP for years to come. If they won't support a competitor will etched

sinetheo said,
Many corps are sticking with XP and IT needs to keep them secure and running somehow. Small governments and accountants won't let them upgrade as what they have continues to work and it is the IT departments fault, not their XP if they get hacked.

Many IT shops which work with small to medium sized business will keep supporting XP for years to come. If they won't support a competitor will etched

I have yet to see any evidence of this. Enterprise running SA will NEVER resort to a cheat to keep XP alive, and I have never seen a small business running XP in the last year or so.

68k said,
Microsoft preferred commenting ZDNet over Neowin?

ZDNet is a really big company that has been around since the 90s and has had everything from web sites and print magazines to television channels. Neowin is just a tiny speck in comparison. ;)