Everything posted by Philipitous

  1. You could disable the "webclient" service, but that would mean never using your browser (or anything else that allows for text). As all an attacker has to do is get you to visit a webpage where they control the text, so an XSS, or other attack on a website you visit is enough. They then control your system's core component, the kernel. That means they control your Firewall too (this only requires administrative access) so they can open, close, bind ports however they want. A firewall will do nothing here. In fact any security at or above ring 0 will be completely bypassed. The best solution here is a patch. Mmm ... There's a lot of Vulnerability Information in connection with this potential exploit and I've looked again at all the "Mitigating Factors" and "Workarounds" which can be studied here: http://technet.microsoft.com/en-gb/security/bulletin/ms13-053. I agree the best solution is a patch, but I also believe that all these "Vulnerabilities" (except one) are manageable with basic security - which if correct is the good news for those intending to use XP beyond April 2014, but certainly not a reason not to continue installing MS updates while available. I'm surprised at the lack of interest in this topic. Where are those who contributed here - http://www.msfn.org/board/topic/162134-how-can-we-keep-xp-alive/ There is one recently-discovered vulnerability, that can't be mitigated, stemming from 20-year-old code! and quite an interesting article here: http://www.computerworld.com/s/article/9239477/Google_engineer_bashes_Microsoft_s_handling_of_security_researchers_discloses_Windows_zero_day However, it looks tangential to the exploit under discussion as the article says "... the bug cannot be exploited remotely -- by sneaking attack code onto a compromised website, for example ... "
  2. Thanks for that. I hadn't read that deep into the document, but doing so was certainly worth it. In this case, the "workarounds" that will prevent an attack are that the webclient service is disabled and/or that TCP ports 139 and 445 are firewalled. On my system that service has been disabled for years without a problem, and those ports are not just stealthed they are closed. So I guess I was safe after all. There are still pages on the internet written by XP security gurus pre SP3 insisting that automatic updates must be on and real-time virus protection installed. And new pages of doom appearing now telling us after April 2014 it will be open season on XP and our systems will die. So folk sat there behind their paid-for Norton security, letting MS update their systems, and a few years later they find their computers are riddled with malware. I think my contention is that good security is about more than MS updates - which I'm certainly not against as my OP states. Yes, okay, maybe I got it wrong about remote access in this case. OTOH, the document says: "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights", which sounds a lot like something to do with remote access to me. I'm an interested amateur, not an expert.
  3. I've seen comments about MS updates disabling mature systems and even a suggestion that there's a conspiracy at MS to render old XP systems unusable to encourage upgrades. So the following may help. I recently made a fresh install of XP Home original SP3 slipstreamed and then set about a custom update on MS's site using the supplied IE6. I selected all but 3 of the critical updates (I didn't want Malicious SRT, IE8, and browser choice) and 3 non-critical (root certs, KB2492386, KB2808679). In due course, I restarted and went into MS updates once more to grab 2 that didn't take first time. All this updating took less than an hour, not closely attended, and the system is stable. I conclude no conspiracy. So while MS updates are available, I'll continue to update manually and selectively. If something goes wrong I have my system drive backed up. But how necessary, really, are these updates on a 12-year-old OS that you would think by now had had most of the glitches removed? One of the latest is this: "Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) Published: Tuesday, July 09, 2013". Problems with the kernel, sounds serious, but digging a little deeper we read: "The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files..." (my bold) So if we can prevent remote access of shared content the threat is empty? I hope I'm right, because to me that seems achievable, and should be the basis of security now, and going forward from April 2014.
  4. Hi there. Long-time XP Home user here. When I set up my system in summer 2008 I looked hard at security issues. I've kept it updated but haven't thought too much about security since. (BTW in all this time I've never had a malware infection.) With support for XP due to end soon I decided to look at security again. What a minefield of information (and misinformation!). I've read enough to convince me that XP won't be dead from next April. I for one intend to continue using it until either there's some hardware incompatibility, or everything just gets too slow. One ambition I have is to keep a system motherboard in continuous use long enough for it to actually break down!
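
Post 2 above names two workarounds from the MS13-053 bulletin: the WebClient service disabled and TCP ports 139 and 445 closed or firewalled. The following is an added example, not part of the original posts, that checks both from the text output of `sc qc WebClient` and `netstat -an`; the sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `sc qc WebClient` output (not captured from a real host).
SAMPLE_SC_QC = """\
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WebClient
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
"""

# Constructed sample of `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1445      203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

SMB_PORTS = {139, 445}  # the two TCP ports named in post 2


def webclient_disabled(sc_qc_text):
    """True only if the service start type is DISABLED (not merely stopped)."""
    m = re.search(r"^\s*START_TYPE\s*:\s*\d+\s+(\w+)", sc_qc_text, re.M)
    return bool(m) and m.group(1).upper() == "DISABLED"


def listening_smb_ports(netstat_text):
    """Return the sorted TCP ports from SMB_PORTS that have a LISTENING socket."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have four fields; UDP rows and the header are skipped.
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            port = f[1].rsplit(":", 1)[-1]  # rsplit also copes with [::]:445
            if port.isdigit() and int(port) in SMB_PORTS:
                found.add(int(port))
    return sorted(found)


def audit(sc_qc_text, netstat_text):
    """Summarise both checks. A listening port may still be blocked by a
    firewall; this only tells you whether it is closed on the host itself."""
    return {"webclient_disabled": webclient_disabled(sc_qc_text),
            "smb_ports_listening": listening_smb_ports(netstat_text)}


if __name__ == "__main__":
    print(audit(SAMPLE_SC_QC, SAMPLE_NETSTAT))
```

A stopped service with a start type other than DISABLED reports `False`, since it can be started again on demand.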