Microsoft patches Windows XP to fight 'WannaCry' attacks

[TrevMUN]

8 hours ago, sdfox7 said:

Similarly, it seems clear to me that Microsoft has not issued this as a goodwill patch to "help" XP users. XP remains popular, so Microsoft is just trying to make XP appear more vulnerable and discourage its use, and by issuing a new patch, it brings XP back into the news.

I don't think Microsoft would have needed to release a goodwill patch to do that, though. Like I'd mentioned earlier the media's been having a field day in reporting how Windows XP was especially vulnerable to WannaCry due to most versions not having access to the update that fixes the issue. "Windows XP" was trending on Twitter during all the havoc, before Microsoft released those patches. All of it was talk about how many companies/hospitals rely on the OS, and how they fell victim because XP's no longer supported.

That's why I think Microsoft released the patches, in fact. With the far-reaching effects of WannaCry, the media shining a spotlight on XP's state might've made them squirm a bit, given that lives were potentially at risk this time around.

Which would be ironic, given that in 2014 the tech news sites practically acted like a wing of Microsoft's PR machine, pumping out thinkpiece after thinkpiece about how awful and terrible it is to use XP, shaming XP users and enthusiasts and predicting doom and gloom the moment Microsoft pulls the plug.

[cyberformer]

I feel we have let the tin-foil hat people out of this, so I am going to ask the following:  Though highly improbable, what are the chances that the XP patch cannot only patch the wanna cry worm/virus vulnerability, but also create a hidden window in XP making it more accessible for Official Snoops that find XP harder to access than Win 7, 8, and 10?  Has the code of the patch (can it be?) been studied by any experts knowledgeable enough and daring enough to divulge such info, if such is discoverable? Someone had to bring this up, if I've not missed it!

[Dibya]

48 minutes ago, cyberformer said:

I feel we have let the tin-foil hat people out of this, so I am going to ask the following:  Though highly improbable, what are the chances that the XP patch cannot only patch the wanna cry worm/virus vulnerability, but also create a hidden window in XP making it more accessible for Official Snoops that find XP harder to access than Win 7, 8, and 10?  Has the code of the patch (can it be?) been studied by any experts knowledgeable enough and daring enough to divulge such info, if such is discoverable? Someone had to bring this up, if I've not missed it!

what kinda snoop?

[cyberformer]

Hi Dibya!  Any agency that has the legal authority, clout, to do so--for good or evil purposes.  Could such a two sided patch be coded such as to be UN-discoverable even by coding experts?  My knowledge of coding is nil.

[Dibya]

may be done

[sdfox7]

I was able to easily extract the KB4012598 using WinRAR. Only problem is, I don't know how to "read" the files.

[cyberformer]

Though I know next to nothing about coding, sdfox7--The first thing I would do is to extract other kb patches, notice similiarities, and then look for something in the most recent patch to see if it was seemingly out of place, or placed there for no reasonable reason.  I would look for an odd order of configuration, construct, etc.

[heinoganda]

To unzip an update for Windows XP, run the patch with the -x parameter.

WindowsXP-KB4012598-x86-ENU.exe -x

The binary delta compression does not work with conventional packers.

The only difference I could find

When comparing the srv.sys and xpsp4res.dll files in the SP3QFE folder of both updates, there was no difference!

Current in May KB4012598 was replaced by KB4018466 (still additional security gap in SMB)!
(Current Version from srv.sys 5.1.2600.7238 and xpsp4res.dll 5.1.2600.7238)

Edited May 16, 2017 by heinoganda

[cyberformer]

That does not seem very encouraging heinoganda!  ---by additional security gap, I take that to mean that the possibility I posited is indeed possible?  I hope I've misconstrued the meaning of the info you offered!

[Mcinwwl]

It means Home XP was provided with patch that blocks WannaCry spread via SMBv1 and not a bit more.

Home XP got update from march.

POSReady got new update in may, fixing another flaw.

[sdfox7]

10 hours ago, heinoganda said:

To unzip an update for Windows XP, run the patch with the -x parameter.

WindowsXP-KB4012598-x86-ENU.exe -x

The binary delta compression does not work with conventional packers.

The only difference I could find

When comparing the srv.sys and xpsp4res.dll files in the SP3QFE folder of both updates, there was no difference!

Current in May KB4012598 was replaced by KB4018466 (still additional security gap in SMB)!
(Current Version from srv.sys 5.1.2600.7238 and xpsp4res.dll 5.1.2600.7238)

Heinoganda

I'd like to see this patch working on Windows 2000. Is editing the update_SP3QFE.inf all that is necessary? I would just have to figure out what entries need to be changed.

[heinoganda]

@sdfox7

In this regard, I would contact @blackwingcat, since here is rather the chance exists an adequate patch for Windows 2000 to get.

[roytam1]

5 hours ago, heinoganda said:

@sdfox7

In this regard, I would contact @blackwingcat, since here is rather the chance exists an adequate patch for Windows 2000 to get.

that may be hard as the change is quite large on some functions when I comparing 6860(pre MS17-010) and 7208(MS17-010 March for POSReady)

[dencorso]

Or not... It seems 2k is immune to WannaCry... read this...

[FranceBB]

23 hours ago, cyberformer said:

Any agency that has the legal authority, clout, to do so--for good or evil purposes.

It's not the case for the this patch, but, for the records, if, let's say, the NSA wants to collect your data and access to your PC, you are not gonna be safe with XP, or any other Microsoft OS, nor Apple OS. Besides, I'm pretty sure they would find a way to get into a custom Arch Linux configuration as well, eventually. Anyway, that's on a completely different level, as average users - as we are - are concerned about being safe against normal viruses, spyware etc and we are still safe with XP + POSReady updates + antivirus + firewall.

Edited May 17, 2017 by FranceBB