2 min read

How to trick Microsoft into updating Windows XP

Security & PrivacySoftware

Microsoft Corp. has officially stopped issuing security patches for Windows XP, but it appears that hackers bent of keeping the 13-year-old operating system alive have found a way to extend support to it at least until 2019.

The hack tricks Microsoft’s update service to port to XP certain patches intended for Windows Embedded POSReady 2009, an OS which is closely related to XP but was designed for use in devices like cash registers, point-of-sales systems and automated teller machines.

Windows Embedded POSReady 2009 is supported by Microsoft until April 9, 2019. Although patches for the OS will support some XP components, it is still not certain if this can keep XP users safe from cyber exploits.

Existence of the hack was made known last week in a German language discussion forum Sebijk.com.

The discussion involved a query about the possibility of using POSReady 2009 updates for XP since the former is based on the Windows XP kernel. The person asking for advice appeared to have encountered some difficulty.

The query was answered with a simple solution that involves creating a text file that will allow the installation of POSReady 2009 updates to XP.

However, the poster issued this warning. “Attention: No warranty. Although POSReady 2009 is based on XP and thus is binary compatible, the updates are not tested under XP and can potentially create unwanted side effects, as well as the EULA could potentially be hurt by Microsoft. Use at your own risk! “

A report on the online technology publication Computerworld.com, however, quoted a senior security researcher as saying he was impressed with the hack.

Jerome Segura, of antivirus firm Malwarebytes, told the publication that he was able to resurrect a Windows XP virtual machine with the hack. According to Segura the core of POSReady 2009 is pretty much the same as XP.

The system is stable, no crashes, no blue screens,” he told Computerworld. “I saw no warning signs or error messages when I applied patches for .Net and Internet Explorer 8,” he said.

While Segura has been running the hacked XP for several days now, he still has some doubts.

He said it is still not certain if the patches fully protect XP.

These concerns were echoed by an email from Microsoft to Computerworld. A spokesperson said the company has become aware of the hack. The spokesperson said that although the updates can be ported to XP “customers run a significant risk of functionality issues with their machines.”

However, if you are really dead set in using XP for as long as possible, there are other alternatives.

For instance, you can ditch IE and use an alternate browser such as Chrome and Firefox which still support XP.

There are other security products and third party vendors that have said they will continue to support XP.