Registry hack allows Windows XP SP2 patching

People still running Microsoft Corp.’s now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.

The hack requires an edit of a single key in the Windows registry, said Sean Sullivan, a security adviser with Helsinki-based antivirus vendor F-Secure Corp., who spelled out the tweak in a blog post .

“It turns out that an SP2 system will think it’s [Service Pack 3] if you edit this key: ‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows,’ and edit the DWORD value ‘CSDVersion’ from 200 to 300, [then] reboot,” said Sullivan.

According to Microsoft, CSDVersion specifies the name of the most recent service pack installed on the PC.

In other words, Sullivan’s hack disguises XP SP2 as SP3 when Microsoft’s security updates determine whether the PC is eligible for a patch.

With the hack, Sullivan was able to force a Windows XP SP2 system to install the emergency patch Microsoft issued last week for a critical vulnerability in Windows’ parsing of shortcut files.

That “out-of-band” update was officially denied to Windows XP SP2 PCs because the service pack was retired from support on July 13 . By Microsoft policy, retired products no longer receive security patches.

After hacking the registry, Sullivan installed the shortcut patch — which he had downloaded directly from Microsoft’s site rather than via the Windows Update patching service — and tested an exploit that has been used by attackers for several weeks to infect PCs.

“It did not infect the system after the patch,” said Sullivan. “Cool.”

The patch for the shortcut bug can be found on Microsoft’s Download Center site.

Sullivan cautioned users that the registry hack is risky.

“Remember, this update is not officially tested or supported by Microsoft for SP2,” Sullivan said. “Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible.”

Most users, in fact, steer clear of the registry, since as Sullivan pointed out, an editing error can cripple the computer. “Do so at your own risk,” he added.

Sullivan admitted he had not come up with the registry tweak, but said he had remembered a similar hack touted by players of “Grand Theft Auto IV” a year and a half ago. A thread on the GTAForums.com site from December 2008 showed how the same hack could be used to fool the game into launching on a Windows XP SP2 system.

Microsoft has been pushing customers all year to upgrade from XP SP2 to SP3 — or to move to the new Windows 7 instead — and offers detailed instructions on how to get and install XP’s third service pack on its site.

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now