Hackers now crave patches, and Microsoft’s giving them just what they want
At least one of next Tuesday’s updates looks like an excellent candidate to hackers as they sniff for bugs in the now-retired Windows XP
Computerworld – Hackers will have at least one, perhaps as many as four, patches next week to investigate as they search for unfixed flaws in Windows XP, the 13-year-old operating system that Microsoft retired from support April 8.
“Come Tuesday, Microsoft will be patching some vulnerabilities in Windows, and it is realistic to assume that at least one of these will also affect Windows XP,” said Kasper Lindgaard, director of research and security at Secunia, in an email Friday. “Generally speaking, newly discovered vulnerabilities in XP will be unpatchable for private users, and therefore we will see a rise in attacks.”
On May 13, Microsoft’s regularly-scheduled monthly Patch Tuesday, the Redmond, Wash. company will issue eight security updates for its software. But because it has stopped providing updates to owners of Windows XP PCs, those customers will not see any of the eight.
Hackers looking for vulnerabilities in Windows XP will be using the patches to find vulnerabilities in XP, Microsoft and security experts have said. By conducting before- and after-patch code comparisons, attackers may be able to figure out where a vulnerability lies in Windows 7 — which will be patched — then sniff around the same part of XP’s code until they discover the bug there. From that point, it will be relatively straight forward for them to craft an exploit and use it against unprotected XP PCs.
“Patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and if applicable, modified to work against Windows XP,” Lindgaard said.
He’s not the only one who believes hackers will leverage updates to find unpatched bugs in XP. So does Microsoft.
“After April [2014], when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP,” said Dustin Childs, director of Microsoft’s Trustworthy Computing group, last October. “If they succeed, attackers will have the capability to develop exploit code to take advantage of them.”
Having just arranged a 12 month new life for my XP, should I be concerned by the above item?
I, too, have just been helped to extend my XP life for another 12 months and am wondering like Keith, whether the miraculous changes TC made for over an hour on my messed up computer will stand the test of imminent ‘patch threats’ for a while anyway. While I’m on the subject, I must praise and highly recommend TC’s unbelievable expertise and supersonic speed with which she re-made my old, tired computer just come to life with new speed and zesty enhancements I haven’t seen for many moons. What a gal!!!! And what a super team effort you both provide to seasoned computer nerds as well as to computer neophytes like myself!! (I’m 82 years young – whoopee!!) The renewal results were well worth the very few dollars spent on the myriad of entertaining gymnastics and solid results I have been enjoying all day!!! Thank you!! Thank you!! thank you – again and again! You are appreciated — YES!!! Ron Ron
That’s why we do what we do. After we’ve finished securing your computer, if you use reasonable care, and normal caution, you don’t have to worry so much about exploits. No computer user should throw caution to the wind because they have good security software installed – you still have to use care and caution as do all computer users whether hanging in there with XP or using the newest incarnation of Windows 8.x: Watch what you click, don’t open attachments directly from email unless you’re 100% positive you know what it is and who sent it, use your head when browsing the web and don’t be tricked into falling for one of those “your computer is infected” warnings, and when you install software make sure you know what you’re installing — i.e. watch for bundling. These basic safety rules apply to Windows 8.x users just as much as they do to XP users.
help, help need your expertise, FIX whatever it takes, (XP), got the latest updated this month for what it worth some cant download… Rrimage is still connected in part? I bought and lost it in a PC crash…I tried to get microsoft antivirus and among other thingies, CONDUIT slipped in . Now CONDUIT is in control even in my Macbook Pro.Please, need all repaired. Sell me hwever many tickets it will take. Please get in touch at ur convenience. Still use Outlook express… Also have MSN mail ,outlook….Dont want you to stop till i’m up and running smoothly… thanks JB
We don’t do Mac Repair but we are not aware of any Windows software running on Mac unless you’re running BootCamp. You can purchase Cloudeight Direct Keys at http://thundercloud.net/direct/ Thank you.