Windows XP registry hack keeps security updates rolling for the dead operating system

#1
Windows XP registry hack keeps security updates rolling for the dead operating system

"Microsoft stopped supporting Windows XP in April, but a simple registry hack lets users continue to get security updates. The hack, as reported by ZDNet, fools Microsoft into thinking the system is running Windows Embedded POSReady 2009, a variant of XP that's used by ATMs and cash registers. Those systems will keep getting security updates until 2019."

Windows XP registry hack keeps security updates rolling for the dead operating system | PCWorld

Registry hack enables continued updates for Windows XP | ZDNet
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#2
I heard rumours that this was possible, interesting.
Not wise however, as XP nowadays is inherently unsecure anyway.

I suppose the question is, will that be possible with Vista and later systems when the time comes, I would assume so.


.
 
Last edited:
#3
The latest stats (July 2014) that I can find Usage share of operating systems - Wikipedia, the free encyclopedia show that Windows XP was running on 24.8% of desktop and laptop computers. From my experience many of those running XP have very valid reasons for doing so and will never upgrade their computer from XP. This hack provides some security improvements which is better than having no security updates.

The hack only works because Windows Embedded POSReady 2009 is based on XP. I know of no similar Vista based products.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#4
That article also points out that making Updates think it's a different OS could result in system problems because updates will install that may not be compatible with XP. I would anyone that desperate to stick with an old machine/old OS needs to think again.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#6
Good summation... ! :wink:
 
#7
1) If anyone is interested -- After hack the following updates were applied by Windows Update. This is what some companies are paying $200 per PC per year for! Windows XP support will be available after April 8—just not for you | PCWorld :

Security Update for WEPOS and POSReady 2009 (KB2993651)
MS14-045: Description of the security update for kernel-mode drivers: August 27, 2014
https://technet.microsoft.com/en-us/library/security/ms14-045.aspx

Update for WEPOS and POSReady 2009 (KB2981580)
August 2014 cumulative time zone update for Windows operating systems

Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2976627)
MS14-051: Cumulative security update for Internet Explorer: August 12, 2014
https://technet.microsoft.com/en-us/library/security/ms14-051.aspx

Windows Malicious Software Removal Tool - August 2014 (KB890830)
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running supported versions of Windows

Security Update for WEPOS and POSReady 2009 (KB2961072)
MS14-040: Description of the security update for an ancillary function driver: July 8, 2014
https://technet.microsoft.com/en-us/library/security/ms14-040.aspx

Security Update for WEPOS and POSReady 2009 (KB2957509)
MS14-036: Description of the security update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows Server 2003: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-036.aspx

Security Update for WEPOS and POSReady 2009 (KB2957503)
MS14-036: Description of the security update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows Server 2003: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-036.aspx

Security Update for WEPOS and POSReady 2009 (KB2939576)
MS14-033: Description of the security update for MSXML: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-033.aspx

Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2931365)
MS14-026: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-026.aspx

Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 (KB2932079)
MS14-026: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-026.aspx

Security Update for WEPOS and POSReady 2009 (KB2926765)
MS14-027: Description of the security update for Windows: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-027.aspx

Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.183.935.0)
Description of Microsoft Security Essentials and of the definition file updates for beta version 2.0.0375.0

2014 Microsoft Security TechCenter Bulletin Index with links to details
Security Bulletins 2014

After updating 2 physical and 3 VM 32 Bit XP SP3 systems, no problems noticed. Microsoft Security Essentials scanned with updated definitions. Note: Systems also run Malwarebytes Anti-Malware

2) To answer Vista question -- Wikipedia shows Windows Embedded POSReady Versions below. None are bases on Vista:

Windows Embedded for Point of Service V1
This was a specially designed subversion of Windows XP Embedded designed for use in Point of Service situations. Mainstream support for version 1.1 SP3 ended in April 2011 and extended support will end in April 2016.

Windows Embedded POSReady 2009
Based on Windows XP Service Pack 3, this version offers more features over Windows Embedded for Point of Service V1 such as Full Localization and XPF Support if .Net Frameword 3.5 or higher installed. It is the first version of Windows Embedded that can use the Windows Update Agent to update an installed and deployed image. Mainstream support ended in April 2014 and extended support ends in April 2019.

Windows Embedded POSReady 7
Windows Embedded POSReady 7 is the first version of Windows Embedded Industry to be based on the Windows 7 Platform. It was released in July 2011.

Windows Embedded 8 Industry
Based on Windows 8, Windows Embedded 8 Industry was released in April 2013.

Windows Embedded 8.1 Industry
Based on Windows 8.1, Windows Embedded 8.1 Industry was released in October 2013.
 
Last edited:

Ex_Brit

If you're going through hell, keep going.
Staff member
#8
Well the difference is, those companies paying the money are getting updates meant for XP only and you are getting updates meant for Windows Embedded, at your own risk. That article does point that out. Hopefully that risk is small. Interesting regarding Vista and up - thanks. When the time comes, then there may be similar workarounds.
 
Last edited:
#9
Links to KB descriptions and Microsoft Security TechCenter Bulletin details added to my previous post. The second link explains the vulnerabilities those up to 24% of desktops and laptops running XP without the registry hack are exposed to.
 
Last edited:
#10
Have been running the Windows XP registry hack for four monthly Windows updates. All updates have applied successfully. Have not seen any problems with the updates.
[h=2][/h]
 

mqudsi

Mostly Harmless
Staff member
#11
Yeah, it honestly should be fine. Legally, obviously I'm not a lawyer and so I'm not going to comment; but from a technical perspective, Windows embedded is a first-class citizen in the Microsoft world, but identical to Windows XP codebase-wise (speaking as someone that's spun more than my fair share of custom Windows XP Embedded images).