09.21.09

Microsoft Confirms Windows XP is Not — and Never Will be — Secure

Posted in Microsoft, Security, Windows at 2:21 pm by Dr. Roy Schestowitz

Is XP EOL?

Summary: With Windows Server 2003 and Windows 2000 Server near the dumpster, Microsoft takes a huge risk by not patching the most ubiquitous desktop operating system

Microsoft has stopped issuing patches for security flaws in Windows XP, which makes XP unsuitable (and maybe illegal) for use on the Internet.

This bizarre stance (arguably illegal, given that Microsoft advertised XP as supported for years to come) is more or less being ratified now that Microsoft offers radical advice for ‘removing’ the security risk:

Microsoft says turn off Windows feature to protect Windows

[...]

There’s no real reason for SMB2 (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist. All it does is duplicate the basic network file and print functionality that Windows has provided for over a decade. But SMB2 is in there, it is broken, and now it can be used to take over PCs.

Microsoft admits that the problem is real. Mark Wodrich and Jonathan Ness, part of the MSRC (Microsoft Security Response Center) engineering team wrote that an experimental exploit is already out and that it can gain “complete control of the targeted system and can be launched by an unauthenticated user.” Just what you didn’t need.

There is a way to fix it. Well, sort of. You have to turn SMB2 off.

This stuff cannot be made up. Microsoft is also neglecting Windows Server 2003 and is in the process of officially ending support for Windows 2000. This is a huge strategic risk for the company. Now is the time to advance GNU/Linux for domestic and commercial use.
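As an added example, not code from this post or from the ZDNet article it quotes: a PowerShell script that applies the “turn SMB2 off” workaround on a Vista or Server 2008 host and then reads the setting back to confirm it took. The registry value (LanmanServer\Parameters\SMB2) and the service names (LanmanServer, lanmanworkstation, mrxsmb20) are taken from Microsoft’s general SMBv2 enable/disable documentation rather than from this page, and the Get-Smb2ServerState / Disable-Smb2 / Enable-Smb2 function names are this example’s own; treat all of them as assumptions to check against the advisory for your build. Run it from an elevated prompt.

```powershell
# Added example, not from the Techrights post or the quoted ZDNet article.
# Disables SMB 2.0 on a Windows Vista / Server 2008 host as an interim
# workaround, then verifies. Registry value and service names are assumed
# from Microsoft's published SMBv2 enable/disable guidance; the function
# names are this example's own. Requires an elevated PowerShell prompt.

$ErrorActionPreference = 'Stop'

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb2ServerState {
    # 'Enabled' when the SMB2 value is absent or non-zero (the default),
    # 'Disabled' only when it is explicitly set to 0.
    $item = Get-ItemProperty -Path $serverKey -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.SMB2) { return 'Enabled' }
    if ([int]$item.SMB2 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Smb2 {
    # Server side: SMB2 = 0 under LanmanServer\Parameters stops the host
    # from offering SMB 2.0 dialects. Restart the Server service (service
    # name LanmanServer) so the change takes effect; -Force also restarts
    # dependents such as Computer Browser.
    Set-ItemProperty -Path $serverKey -Name 'SMB2' -Type DWord -Value 0 -Force
    Restart-Service -Name LanmanServer -Force

    # Client side: keep the workstation redirector from loading the SMB 2.0
    # mini-redirector (mrxsmb20) by dropping it from the dependency list and
    # disabling its start type. sc.exe requires the space after 'depend='
    # and 'start='.
    & sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi | Out-Null
    & sc.exe config mrxsmb20 start= disabled | Out-Null
}

function Enable-Smb2 {
    # Revert both halves once a real fix is installed.
    Set-ItemProperty -Path $serverKey -Name 'SMB2' -Type DWord -Value 1 -Force
    Restart-Service -Name LanmanServer -Force
    & sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi | Out-Null
    & sc.exe config mrxsmb20 start= auto | Out-Null
}

Write-Host "SMB2 server state before: $(Get-Smb2ServerState)"
Disable-Smb2
Write-Host "SMB2 server state after:  $(Get-Smb2ServerState)"
```

Two caveats a practitioner would want: the server-side value only stops this host from accepting SMB 2.0, so a host that still has mrxsmb20 enabled will keep speaking SMB 2.0 as a client to other machines, which is why the script does both halves; and the workaround trades away every SMB 2.0 gain (larger I/O, durable handles, fewer round trips), so it should be recorded and reverted with Enable-Smb2 once a patch is applied.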


This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/09/21/windows-xp-security-eol/

9 Comments

  1. Yuhong Bao said,

    September 21, 2009 at 3:43 pm

    “Microsoft Confirms Windows XP is Not — and Never Will be — Secure”
    Against this particular vulnerability only! Besides, this isn’t unusual. Look at the last months of security bulletins before MS discontinued NT 4 support at the end of 2004; some of them say NT 4 will never be patched for the same reason.

    Roy Schestowitz Reply:

    NT 4…

    Microsoft is not a basis of comparison for Microsoft. :-p

    Yuhong Bao Reply:

    “Against this particular vulnerability only!”
    To clarify, I mean that, yes, MS will not patch this vulnerability, but that does not change the fact that MS will still try their best to patch XP against new security holes until the end of Extended Support in 2014, just like how MS did with NT 4 until the end of 2004 and 98/ME until mid-2006.

  2. Yuhong Bao said,

    September 21, 2009 at 5:54 pm

    “There’s no real reason for SMB2, (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist.”
    Well, I would not go that far, but the merits and disadvantages of the SMB 2.0 protocol itself are another topic altogether.

    twitter Reply:

    Ah Boa, you never “go that far.”

    Anyway, what’s a softie to do? They no longer even have the illusion of network security now. If XP is never patched again and Vista is knocked off the M$ network, where does that leave the Enterprise? None of them bothered to run Vista and won’t bother running Windows 7 either. So they are left with a very broken M$ infrastructure.

    Yuhong Bao Reply:

    I was specifically talking about the SMB 2.0 protocol, not Vista in general.
    “XP is never patched again”
    Not true, see my previous comment.

  3. Needs Sunlight said,

    September 22, 2009 at 5:58 am

    Q: When is Windows exactly like Windows?
    A: When the $NEXT_VERSION is for sale.

    Q: When is Windows not like Windows?
    A: When the $NEXT_VERSION is for sale.

    M$ always allows criticism of its oldest supported version when trying to drum up sales of the $NEXT_VERSION. In this case it’s trying to peddle Vista7 and stem further upgrades to Ubuntu.

    Of course it is different now than in the past. In the past, M$ embarrassed its executives and its programmers by releasing terribly poor, insecure and unstable software. But this time, honest, they’ve learned their lesson and the company will recover its reputation with
    Windows 3.0
    Windows 3.1
    Windows 3.11
    Windows NT
    Windows 95
    Windows 98
    Windows NT 4.0
    Windows 2000 (NT5)
    Windows Millennium Edition (Me)
    Windows XP
    Windows XP SP2
    Windows Server 2003
    Windows Home Server
    Windows Vista
    Windows Server 2008
    Windows Vista 7
    Windows Vista 8
    Windows Vista ng

    … Not!

    http://linuxlock.blogspot.com/2009/08/windows-users-charlie-browns-of.html

    Needs Sunlight Reply:

    Forgot overpriced in the description above.

    http://www.law.com/jsp/article.jsp?id=1088699765289

    There are 49 other states not counting the UK. :P

  4. Roy Schestowitz said,

    September 22, 2009 at 6:14 am

    Watch this video from 2007 (when Vista was released). Around the 5th minute Linus speaks about how Vista is mostly hype.
