Hacking Windows XP to get security patches is a really bad idea

By now, you probably know about the registry hack trick to get updates for Windows XP. I shouldn’t have to tell you this, but that’s a really bad idea, one you should not do, and both Microsoft and at least one security firm are saying not to do it.

Initially, I thought they were enabling XP to use Windows 7 updates, which wouldn’t be that far-fetched. XP and 7 have considerable overlap and common code. But I learned these are not Windows 7 patches, they are in fact for Windows Point of Service (Windows Embedded) machines, which run a custom version of the regular XP.

Because many businesses are still transitioning off XP due to the high cost of replacing the hardware, Microsoft will support that version of XP 2019. A replacement Embedded OS is already out there, based on Windows 7.

“Regular XP and POSready XP are so similar, which is why you can apply these updates,” Jerome Segura, senior security researcher for Malwarebytes tells me.

Naturally, Microsoft thinks this is a really bad idea.

“We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1,” the company said in a statement to the media.

Segura also warned against this.

“This hack is remarkably simple because it only takes adding one registry key and then, all of a sudden, Windows updates thinks you are running an XP subversion. Users that apply the hack will see patches that are not going to be released for the XP mainstream version, such as an important security update for IE8. While it may be tempting to use this hack, users should bear in mind that Microsoft did not intend for those upcoming updates to be applied on regular XP. In other words, you are entering into an unfamiliar territory at your own risk.”

He added, “the hack is interesting and certainly people will try it out for fun, but it should not be considered a viable option for businesses or consumers. Instead, you should plan on migrating to a newer, and supported, platform.”

I don’t fault the hackers who want to try it for fun, but anyone who does this on a business/production machine deserves whatever happens next.

More Microsoft news:

• Microsoft settles cloud complaint for $22M to avoid EU antitrust probe
• US lawmakers raise a red flag over Microsoft’s $1.5B investment in G42
• Microsoft Build 2024: Cloud infra updates include Cobalt 100-based VMs, access to Copilot in Azure
• Microsoft’s AI ambitions fuel $3.3 billion bet on Wisconsin data center
• Microsoft Azure removes exit fee as EU regulations kick in