Registry Hack Allows Windows XP SP2 Patching

Wednesday, August 11, 2010

People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.

The hack requires an edit of a single key in the Windows registry, said Sean Sullivan, a security adviser with Helsinki, Finland-based antivirus vendor F-Secure, who spelled out the tweak in a blog post.

"It turns out that an SP2 system will think it's [Service Pack 3] if you edit this key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows,' and edit the DWORD value 'CSDVersion' from 200 to 300, [then] reboot," said Sullivan.

According to Microsoft, CSDVersion specifies the name of the most recent service pack installed on the PC.

Windows XP lives

  • Registry hack allows Windows XP SP2 patching

  • R.I.P. Windows XP SP2

  • Microsoft extends Windows XP downgrade rights until 2020

  • How to keep Windows XP SP2 safer after Microsoft stops patching

  • Most firms face security 'red alert' as XP SP2's retirement looms

  • Windows XP SP2 retirement looms, puts users in tough spot

  • Windows 7 SP1 means end of XP downgrade rights

  • Microsoft pushes users to ditch XP with IE9 plans, says analyst

  • New Microsoft support service offers XP users Windows 7 goodies

  • Microsoft wins Windows XP downgrade lawsuit


More on Windows

In other words, Sullivan's hack disguises XP SP2 as SP3 when Microsoft's security updates determine whether the PC is eligible for a patch.

With the hack, Sullivan was able to force a Windows XP SP2 system to install the emergency patch Microsoft issued last week for a critical vulnerability in Windows' parsing of shortcut files.

That "out-of-band" update was officially denied to Windows XP SP2 PCs because the service pack was retired from support on July 13. By Microsoft policy, retired products no longer receive security patches.

After hacking the registry, Sullivan installed the shortcut patch -- which he had downloaded directly from Microsoft's site rather than via the Windows Update patching service -- and tested an exploit that has been used by attackers for several weeks to infect PCs.

"It did not infect the system after the patch," said Sullivan. "Cool."

The patch for the shortcut bug can be found on Microsoft's Download Center site.

Sullivan cautioned users that the registry hack is risky.

"Remember, this update is not officially tested or supported by Microsoft for SP2," Sullivan said. "Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible."

Most users, in fact, steer clear of the registry, since as Sullivan pointed out, an editing error can cripple the computer. "Do so at your own risk," he added.

Sullivan admitted he had not come up with the registry tweak, but said he had remembered a similar hack touted by players of "Grand Theft Auto IV" a year and a half ago. A thread on the GTAForums.com site from December 2008 showed how the same hack could be used to fool the game into launching on a Windows XP SP2 system.

Microsoft has been pushing customers all year to upgrade from XP SP2 to SP3 -- or to move to the new Windows 7 instead -- and offers detailed instructions on how to get and install XP's third service pack on its site.

Source: computerworld.com

0 comments