The last two weeks should have made Windows XP Service Pack 2 users quite nervous. They sit on a vulnerable operating system that Microsoft has stop supporting. In doing so, they are left in a perpetually vulnerable state, especially as other XP vulnerabilities are discovered.
Initially there were reports of a simple registry hack that would identify your system as patched at Service Pack 3 and allow the patch to install. Granted because this was a registry hack there were a lot of disclaimers around the use of this approach. However at the end of last week, there was some reported information that there was a method to legitimately install patches on a SP2 machine.
The initial (unsubstantiated) rumors were that those who had a support contract with Microsoft had an inside line that provided them access to the patch. After some research, Dale Pearson of Security Active posted his findings. Apparently the published patch for XP embedded does work on SP2 systems. Since the only thing that kept the original patch from installing on a typical install is the single registry entry at HKLM\System\CurrentControlSet\Control\Windows\, one has to assume that this does not exist in the XP embedded patch or system (those who are familiar with XP embedded are more than welcome to correct me here).
Regardless, those who are still on Service Pack 2 must be there for a reason (if you aren’t, then please install SP3 and patch your system). Whatever that reason is, you will need to take extra care from this point forward in determining ways to keep your machine patched as well as possible (or again you can install SP3). So keep in mind that the patches for XP Embedded may be a work around for you (unless Microsoft catches on to this 🙂 ).
- Registry hack allows Windows XP SP2 patching (v3.co.uk)
- Thoughts on that XP SP2 reg hack that allows for .LNK patching (zdnet.com)
- Registry hack tricks Windows XP SP2 into installing security updates (infoworld.com)