People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.
The hack requires an edit of a single key in the Windows registry, said Sean Sullivan, a security adviser with Helsinki, Finland-based antivirus vendor F-Secure, who spelled out the tweak in a blog post.
“It turns out that an SP2 system will think it’s [Service Pack 3] if you edit this key: ‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows,’ and edit the DWORD value ‘CSDVersion’ from 200 to 300, [then] reboot,” said Sullivan.
According to Microsoft, CSDVersion specifies the name of the most recent service pack installed on the PC.
In other words, Sullivan’s hack disguises XP SP2 as SP3 when Microsoft’s security updates determine whether the PC is eligible for a patch.
With the hack, Sullivan was able to force a Windows XP SP2 system to install the emergency patch Microsoft issued last week for a critical vulnerability in Windows’ parsing of shortcut files.
That “out-of-band” update was officially denied to Windows XP SP2 PCs because the service pack was retired from support on July 13. By Microsoft policy, retired products no longer receive security patches.
After hacking the registry, Sullivan installed the shortcut patch — which he had downloaded directly from Microsoft’s site rather than via the Windows Update patching service — and tested an exploit that has been used by attackers for several weeks to infect PCs.
“It did not infect the system after the patch,” said Sullivan. “Cool.”
The patch for the shortcut bug can be found on Microsoft’s Download Center site.
Sullivan cautioned users that the registry hack is risky.
“Remember, this update is not officially tested or supported by Microsoft for SP2,” Sullivan said. “Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible.”
Most users, in fact, steer clear of the registry, since, as Sullivan pointed out, an editing error can cripple the computer. “Do so at your own risk,” he added.