Jump to content

Microsoft patches Windows XP to fight 'WannaCry' attacks


Jody Thornton
 Share

Recommended Posts

8 hours ago, sdfox7 said:

Similarly, it seems clear to me that Microsoft has not issued this as a goodwill patch to "help" XP users. XP remains popular, so Microsoft is just trying to make XP appear more vulnerable and discourage its use, and by issuing a new patch, it brings XP back into the news.

I don't think Microsoft would have needed to release a goodwill patch to do that, though. Like I'd mentioned earlier the media's been having a field day in reporting how Windows XP was especially vulnerable to WannaCry due to most versions not having access to the update that fixes the issue. "Windows XP" was trending on Twitter during all the havoc, before Microsoft released those patches. All of it was talk about how many companies/hospitals rely on the OS, and how they fell victim because XP's no longer supported.

That's why I think Microsoft released the patches, in fact. With the far-reaching effects of WannaCry, the media shining a spotlight on XP's state might've made them squirm a bit, given that lives were potentially at risk this time around.

Which would be ironic, given that in 2014 the tech news sites practically acted like a wing of Microsoft's PR machine, pumping out thinkpiece after thinkpiece about how awful and terrible it is to use XP, shaming XP users and enthusiasts and predicting doom and gloom the moment Microsoft pulls the plug.

Link to comment
Share on other sites


I feel we have let the tin-foil hat people out of this, so I am going to ask the following:  Though highly improbable, what are the chances that the XP patch cannot only patch the wanna cry worm/virus vulnerability, but also create a hidden window in XP making it more accessible for Official Snoops that find XP harder to access than Win 7, 8, and 10?  Has the code of the patch (can it be?) been studied by any experts knowledgeable enough and daring enough to divulge such info, if such is discoverable? Someone had to bring this up, if I've not missed it!

Link to comment
Share on other sites

48 minutes ago, cyberformer said:

I feel we have let the tin-foil hat people out of this, so I am going to ask the following:  Though highly improbable, what are the chances that the XP patch cannot only patch the wanna cry worm/virus vulnerability, but also create a hidden window in XP making it more accessible for Official Snoops that find XP harder to access than Win 7, 8, and 10?  Has the code of the patch (can it be?) been studied by any experts knowledgeable enough and daring enough to divulge such info, if such is discoverable? Someone had to bring this up, if I've not missed it!

what kinda snoop?

Link to comment
Share on other sites

Hi Dibya!  Any agency that has the legal authority, clout, to do so--for good or evil purposes.  Could such a two sided patch be coded such as to be UN-discoverable even by coding experts?  My knowledge of coding is nil.

Link to comment
Share on other sites

Though I know next to nothing about coding, sdfox7--The first thing I would do is to extract other kb patches, notice similiarities, and then look for something in the most recent patch to see if it was seemingly out of place, or placed there for no reasonable reason.  I would look for an odd order of configuration, construct, etc.

Link to comment
Share on other sites

To unzip an update for Windows XP, run the patch with the -x parameter.

WindowsXP-KB4012598-x86-ENU.exe -x

The binary delta compression does not work with conventional packers.

updunzipes93j7v5nx.jpg

The only difference I could find

patchdeltax4lynb3m57.jpg

When comparing the srv.sys and xpsp4res.dll files in the SP3QFE folder of both updates, there was no difference!

Current in May KB4012598 was replaced by KB4018466 (still additional security gap in SMB)!
(Current Version from srv.sys 5.1.2600.7238 and xpsp4res.dll 5.1.2600.7238)

kb4018466info1qtked6x4w.jpg

:)

Edited by heinoganda
  • Upvote 3
Link to comment
Share on other sites

That does not seem very encouraging heinoganda!  ---by additional security gap, I take that to mean that the possibility I posited is indeed possible?  I hope I've misconstrued the meaning of the info you offered!

Link to comment
Share on other sites

It means Home XP was provided with patch that blocks WannaCry spread via SMBv1 and not a bit more.

Home XP got update from march.

POSReady got new update in may, fixing another flaw.

  • Upvote 2
Link to comment
Share on other sites

10 hours ago, heinoganda said:

To unzip an update for Windows XP, run the patch with the -x parameter.


WindowsXP-KB4012598-x86-ENU.exe -x

The binary delta compression does not work with conventional packers.

updunzipes93j7v5nx.jpg

The only difference I could find

patchdeltax4lynb3m57.jpg

When comparing the srv.sys and xpsp4res.dll files in the SP3QFE folder of both updates, there was no difference!

Current in May KB4012598 was replaced by KB4018466 (still additional security gap in SMB)!
(Current Version from srv.sys 5.1.2600.7238 and xpsp4res.dll 5.1.2600.7238)

kb4018466info1qtked6x4w.jpg

:)

Heinoganda

I'd like to see this patch working on Windows 2000. Is editing the update_SP3QFE.inf all that is necessary? I would just have to figure out what entries need to be changed.

Link to comment
Share on other sites

5 hours ago, heinoganda said:

@sdfox7

In this regard, I would contact @blackwingcat, since here is rather the chance exists an adequate patch for Windows 2000 to get.

:)

that may be hard as the change is quite large on some functions when I comparing 6860(pre MS17-010) and 7208(MS17-010 March for POSReady)

%25E6%259C%25AA%25E5%2591%25BD%25E5%2590

Link to comment
Share on other sites

23 hours ago, cyberformer said:

Any agency that has the legal authority, clout, to do so--for good or evil purposes.

It's not the case for the this patch, but, for the records, if, let's say, the NSA wants to collect your data and access to your PC, you are not gonna be safe with XP, or any other Microsoft OS, nor Apple OS. Besides, I'm pretty sure they would find a way to get into a custom Arch Linux configuration as well, eventually. Anyway, that's on a completely different level, as average users - as we are - are concerned about being safe against normal viruses, spyware etc and we are still safe with XP + POSReady updates + antivirus + firewall.

Edited by FranceBB
  • Upvote 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...