09.21.09

Microsoft Confirms Windows XP is Not — and Never Will be — Secure

Posted in Microsoft, Security, Windows at 2:21 pm by Dr. Roy Schestowitz

Summary: With Windows Server 2003 and Windows Server 2000 near the dumpster, Microsoft takes a huge risk by not patching the most ubiquitous desktop operating system

MICROSOFT HAS stopped issuing patches for security flaws in Windows XP, which makes XP unsuitable (and maybe illegal) for use on the Internet.

This very bizarre stance (if not an illegal one, given that Microsoft advertised XP as supported for years to come) is more or less being ratified now that Microsoft offers radical advice for ‘removing’ the security risk:

Microsoft says turn off Windows feature to protect Windows

[...]

There’s no real reason for SMB2 (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist. All it does is duplicate the basic network file and print functionality that Windows has provided for over a decade. But SMB2 is in there, it is broken, and now it can be used to take over PCs.

Microsoft admits that the problem is real. Mark Wodrich and Jonathan Ness, part of the MSRC (Microsoft Security Response Center) engineering team wrote that an experimental exploit is already out and that it can gain “complete control of the targeted system and can be launched by an unauthenticated user.” Just what you didn’t need.

There is a way to fix it. Well, sort of. You have to turn SMB2 off.

This stuff cannot be made up. Microsoft is also neglecting Windows Server 2003 and is officially ending support for Server 2000 at the moment. This is a huge strategic risk for the company. Now is the time to advance GNU/Linux for domestic and commercial use.
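One way to check for, and apply, the ‘turn SMB2 off’ workaround from the quoted article, as an added PowerShell example that is not part of the original post, the quoted article, or Microsoft’s own guidance. It assumes an elevated Windows PowerShell session on the affected host and uses the Smb2 DWORD under the LanmanServer\Parameters key, which is the registry switch the Server service reads for this.

```powershell
# Added example (not from the original post or the quoted article): audit and,
# optionally, apply the "turn SMB2 off" workaround on a Windows host.
# Assumes an elevated Windows PowerShell session. The Smb2 DWORD under the
# Server service parameters controls SMB2: 0 = disabled, 1 or absent = enabled.

$ServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb2State {
    # Returns 'Disabled' only when the Smb2 value exists and is exactly 0;
    # a missing value means the default, i.e. SMB2 is still on.
    $prop = Get-ItemProperty -Path $ServerParams -Name 'Smb2' -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.Smb2 -eq 0) { 'Disabled' } else { 'Enabled' }
}

function Disable-Smb2 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($ServerParams, 'Set Smb2 = 0 and restart the Server service')) {
        # -Force overwrites an existing value instead of failing.
        New-ItemProperty -Path $ServerParams -Name 'Smb2' -PropertyType DWord -Value 0 -Force | Out-Null
        # The Server (LanmanServer) service must be restarted for the change to take effect.
        Restart-Service -Name LanmanServer -Force
    }
}

# Report the current state, and apply the workaround only if it is not already in place.
$state = Get-Smb2State
Write-Output "SMB2 on $env:COMPUTERNAME: $state"
if ($state -eq 'Enabled') { Disable-Smb2 -WhatIf }   # drop -WhatIf to actually apply the change
```

With SMB2 off, clients negotiate down to SMB1, so file and print sharing keeps working; treat the switch as a stopgap to be reverted once the host is patched.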


9 Comments

  1. Yuhong Bao said,

    September 21, 2009 at 3:43 pm


    “Microsoft Confirms Windows XP is Not — and Never Will be — Secure”
    Against this particular vulnerability only! Besides, this isn’t unusual. Look at the last months of security bulletins before MS discontinued NT 4 support at the end of 2004; some of them say NT 4 will never be patched for the same reason.

    Roy Schestowitz Reply:

    NT 4…

    Microsoft is not a basis of comparison for Microsoft. :-p

    Yuhong Bao Reply:

    “Against this particular vulnerability only!”
    To clarify, I mean that, yes, MS will not patch this vulnerability, but that does not change the fact that MS will still try their best to patch XP against new security holes until the end of Extended Support in 2014, just like how MS did with NT 4 until the end of 2004 and 98/ME until mid-2006.

  2. Yuhong Bao said,

    September 21, 2009 at 5:54 pm


    “There’s no real reason for SMB2, (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist.”
    Well, I would not go that far, but the merits and disadvantages of the SMB 2.0 protocol itself are another topic altogether.

    twitter Reply:

    Ah Boa, you never “go that far.”

    Anyway, what’s a softie to do? They no longer even have the illusion of network security now. If XP is never patched again and Vista is knocked off the M$ network, where does that leave the Enterprise? None of them bothered to run Vista and won’t bother running Windows 7 either. So they are left with a very broken M$ infrastructure.

    Yuhong Bao Reply:

    I was specifically talking about the SMB 2.0 protocol, not Vista in general.
    “XP is never patched again”
    Not true, see my previous comment.

  3. Needs Sunlight said,

    September 22, 2009 at 5:58 am


    Q: When is Windows exactly like Windows?
    A: When the $NEXT_VERSION is for sale.

    Q: When is Windows not like Windows?
    A: When the $NEXT_VERSION is for sale.

    M$ always allows criticism of its oldest supported version when trying to drum up sales of the $NEXT_VERSION. In this case it’s trying to peddle Vista7 and stem further upgrades to Ubuntu.

    Of course it is different now than in the past. In the past, M$ embarrassed its executives and its programmers by releasing terribly poor, insecure and unstable software. But this time, honest, they’ve learned their lesson and the company will recover its reputation with
    Windows 3.0
    Windows 3.1
    Windows 3.11
    Windows NT
    Windows 95
    Windows 98
    Windows NT 4.0
    Windows 2000 (NT5)
    Windows Millennium Edition (Me)
    Windows XP
    Windows XP SP2
    Windows Server 2003
    Windows Home Server
    Windows Vista
    Windows Server 2008
    Windows Vista 7
    Windows Vista 8
    Windows Vista ng

    … Not!

    http://linuxlock.blogspot.com/2009/08/windows-users-charlie-browns-of.html

    Needs Sunlight Reply:

    Forgot overpriced in the description above.

    http://www.law.com/jsp/article.jsp?id=1088699765289

    There are 49 other states not counting the UK. :P

  4. Roy Schestowitz said,

    September 22, 2009 at 6:14 am


    Watch this video from 2007 (when Vista was released). Around the 5th minute Linus speaks about how Vista is mostly hype.
