09.21.09

Microsoft Confirms Windows XP is Not — and Never Will be — Secure

Posted in Microsoft, Security, Windows at 2:21 pm by Dr. Roy Schestowitz

Is XP EOL?

Summary: With Windows Server 2003 and Windows 2000 Server near the dumpster, Microsoft takes a huge risk by not patching the most widely deployed desktop operating system

MICROSOFT HAS stopped issuing patches for at least one security flaw in Windows XP, a stance which makes XP unsuitable (and maybe even illegal) for use on the Internet.

This very bizarre stance (illegal, perhaps, given that Microsoft advertised XP as supported for years to come) is more or less being ratified now that Microsoft offers radical advice for ‘removing’ a security risk in its newer systems: switch the affected feature off entirely:

Microsoft says turn off Windows feature to protect Windows

[...]

There’s no real reason for SMB2 (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist. All it does is duplicate the basic network file and print functionality that Windows has provided for over a decade. But SMB2 is in there, it is broken, and now it can be used to take over PCs.

Microsoft admits that the problem is real. Mark Wodrich and Jonathan Ness, part of the MSRC (Microsoft Security Response Center) engineering team wrote that an experimental exploit is already out and that it can gain “complete control of the targeted system and can be launched by an unauthenticated user.” Just what you didn’t need.

There is a way to fix it. Well, sort of. You have to turn SMB2 off.

This stuff cannot be made up. Microsoft is also neglecting Windows Server 2003 and is, at this very moment, officially ending support for Windows 2000 Server. This is a huge strategic risk for the company. Now is the time to advance GNU/Linux for domestic and commercial use.
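The workaround quoted above ("turn SMB2 off") in script form, as an added example that is not part of the original post, the quoted article, or any Microsoft tooling. It assumes the Server service's registry switch (the `Smb2` DWORD under `HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters`, where 0 disables SMB2 and a missing value or 1 leaves it on) and an elevated PowerShell prompt on a Windows Vista, Server 2008 or Windows 7 host. As the quoted article says, those are the versions that ship SMB2; an XP host speaks SMB1 only and has nothing to switch off here.

```powershell
# Added example, not code from the original post, the quoted article or Microsoft.
# Implements the workaround the quoted article describes: turn off the SMB 2.0
# server on a Windows Vista / Server 2008 / Windows 7 host.
# Run from an elevated PowerShell prompt.
#
# Assumption (registry switch read by the Server service at start-up):
#   HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
#     Smb2  REG_DWORD  0 = SMB2 disabled; 1 or value absent = SMB2 enabled

$Smb2Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Smb2Name = 'Smb2'

function Get-Smb2State {
    # Reads the switch; a missing value is the default, i.e. SMB2 enabled.
    $item = Get-ItemProperty -Path $Smb2Key -Name $Smb2Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'enabled' }
    if ([int]$item.$Smb2Name -eq 0) { return 'disabled' }
    return 'enabled'
}

function Set-Smb2State {
    param([ValidateSet('enabled', 'disabled')][string]$State)
    if ($State -eq 'disabled') { $value = 0 } else { $value = 1 }
    # Set-ItemProperty creates the value if it does not exist yet.
    Set-ItemProperty -Path $Smb2Key -Name $Smb2Name -Value $value -Type DWord
    # The Server service only reads the value when it starts; -Force also
    # bounces services that depend on it (e.g. Computer Browser).
    Restart-Service -Name LanmanServer -Force
}

Write-Host "SMB2 before: $(Get-Smb2State)"
if ((Get-Smb2State) -eq 'enabled') {
    Set-Smb2State -State 'disabled'
}
Write-Host "SMB2 after:  $(Get-Smb2State)"

# The host keeps serving files over SMB1; clients that offer SMB2 first fall
# back to it. Until a real patch is installed, also keep TCP 139 and 445
# blocked from untrusted networks at the host or perimeter firewall.
```

To revert once a patch is available, run `Set-Smb2State -State 'enabled'`, which writes 1 and restarts the Server service again. Treat the registry change as a stop-gap: it removes the vulnerable code path at the cost of forcing every client onto the older SMB1 dialect, and it does nothing for hosts where the Server service is already exposed to the Internet.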


9 Comments

  1. Yuhong Bao said,

    September 21, 2009 at 3:43 pm

    “Microsoft Confirms Windows XP is Not — and Never Will be — Secure”
    Against this particular vulnerability only! Besides, this isn’t unusual. Look at the last months of security bulletins before MS discontinued NT 4 support at the end of 2004; some of them say NT 4 will never be patched for the same reason.

    Roy Schestowitz Reply:

    NT 4…

    Microsoft is not a basis of comparison for Microsoft. :-p

    Yuhong Bao Reply:

    “Against this particular vulnerability only!”
    To clarify, I mean that, yes, MS will not patch this vulnerability, but that does not change the fact that MS will still try their best to patch XP against new security holes until the end of Extended Support in 2014, just like how MS did with NT 4 until the end of 2004 and 98/ME until mid-2006.

  2. Yuhong Bao said,

    September 21, 2009 at 5:54 pm

    “There’s no real reason for SMB2, (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist.”
    Well, I would not go that far, but the merits and disadvantages of the SMB 2.0 protocol itself are another topic altogether.

    twitter Reply:

    Ah Boa, you never “go that far.”

    Anyway, what’s a softie to do? They no longer even have the illusion of network security now. If XP is never patched again and Vista is knocked off the M$ network, where does that leave the Enterprise? None of them bothered to run Vista and won’t bother running Windows 7 either. So they are left with a very broken M$ infrastructure.

    Yuhong Bao Reply:

    I was specifically talking about the SMB 2.0 protocol, not Vista in general.
    “XP is never patched again”
    Not true, see my previous comment.

  3. Needs Sunlight said,

    September 22, 2009 at 5:58 am

    Q: When is Windows exactly like Windows?
    A: When the $NEXT_VERSION is for sale.

    Q: When is Windows not like Windows?
    A: When the $NEXT_VERSION is for sale.

    M$ always allows criticism of its oldest supported version when trying to drum up sales of the $NEXT_VERSION. In this case it’s trying to peddle Vista7 and stem further upgrades to Ubuntu.

    Of course it is different now than in the past. In the past, M$ embarrassed its executives and its programmers by releasing terribly poor, insecure and unstable software. But this time, honest, they’ve learned their lesson and the company will recover its reputation with
    Windows 3.0
    Windows 3.1
    Windows 3.11
    Windows NT
    Windows 95
    Windows 98
    Windows NT 4.0
    Windows 2000 (NT5)
    Windows Millennium Edition (Me)
    Windows XP
    Windows XP SP2
    Windows Server 2003
    Windows Home Server
    Windows Vista
    Windows Server 2008
    Windows Vista 7
    Windows Vista 8
    Windows Vista ng

    … Not!

    http://linuxlock.blogspot.com/2009/08/windows-users-charlie-browns-of.html

    Needs Sunlight Reply:

    Forgot overpriced in the description above.

    http://www.law.com/jsp/article.jsp?id=1088699765289

    There are 49 other states not counting the UK. :P

  4. Roy Schestowitz said,

    September 22, 2009 at 6:14 am

    Watch this video from 2007 (when Vista was released). Around the 5th minute Linus speaks about how Vista is mostly hype.
