Slashdot Mirror


XP Systems Getting Emergency IE Zero Day Patch

msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said. Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

12 of 179 comments

  1. Re:just kill them already by Ionized · · Score: 5, Insightful

    the problem is when they get hacked, they aren't going to get rid of their machines or go offline.

    they will just become one more in the zombie army, and the REST of us end up suffering.

    Microsoft is doing the right thing here.

  2. Re:WTF by viperidaenz · · Score: 4, Funny

    I know right, like recalling cars out of warranty.

  3. Re:Microsoft has no spine. by rujasu · · Score: 5, Insightful

    Yes, how dare they provide support for a large percentage of their userbase, rather than try to force their users to pay them more money for the latest version! Those bastards!

    Seriously, I get that XP is old and there are real disadvantages to its continued use, but it's amazing to me that we've actually reached the point where MS is getting flak for not adhering strongly enough to planned obsolescence. Like, we want them to be greedier now and stop providing free updates? I'd like to believe that they'll continue supporting Win7 for quite some time. I don't particularly like the idea of forced paid upgrades, or the "subscription Windows" that everyone seems to think is coming.

    I'd love it if people would start moving off of XP and onto modern OSes, but that's not going to happen right away regardless of what MS does, and I'm not going to knock them for supporting their product long-term.

  4. Re:just kill them already by datapharmer · · Score: 5, Funny

    Car analogy: I told the used car dealer to stop selling that garbage and just send all his vehicles to the dump. I mean they were all from like 2007 or before! I mean seriously, who uses a car that old (except for all the retro ones that were sold up until 2012 - and those suck too. They aren't hip at all)? They don't have the latest rear view cameras and other safety equipment or anything. It is no secret if you buy the after market warranty you can get your crappy old car fixed, but if you don't it isn't my problem you can't get parts when you need them because you are a dumb poopy pants. I throw everything away because there is a newer model that surely must be better because new and shiny!

    --
    Get a web developer
  5. Re:Microsoft has no spine. by fustakrakich · · Score: 5, Insightful

    They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

    --
    “He’s not deformed, he’s just drunk!”
  6. Re:That's smart by Himmy32 · · Score: 5, Informative

    Apple isn't even releasing updates for Snow Leopard from 5 years ago. Which 20% of their user base is on...

    Reality distortion field on.

  7. Re:Microsoft has no spine. by DogDude · · Score: 4, Insightful

    They're not receiving any new revenue for it, so why should they continue to support it?

    Because they're acting as a responsible corporate entity, maybe? It must be shocking to Apple users to see something like this, but Microsoft has actually been a relatively responsible, responsive company for a long time, now.

    --
    I don't respond to AC's.
  8. Re:just kill them already by Anonymous Coward · · Score: 4, Interesting

    There are a lot of people out there who may not be able to afford better hardware, or a copy of Windows 7. Given a choice between a roof over the head versus an upgrade of Windows, I'm sure not many would choose homelessness.

    Then there is the fact that a lot of XP systems cannot be upgraded, and are part of an embedded system. A friend of mine has a $9000.00 sewing machine that runs XP, and if one tries to stick W7 on it, it won't have the drivers to move the embroidery head.

    Then there is software that requires XP to function. Another friend of mine has a CNC mill for 2D wood carving that he copies data to a full size PCMCIA card. The reader/writer on the computer will not work with Vista or newer, and it won't work in a VM, so it is XP or nothing.

    People don't -want- to run XP... but a lot have to. Just like the guy who drives the 10 year old Honda Civic. It isn't because he is in love with the car, but that he can't afford a new car, or he has other priorities.

  9. Re:There should be only two options by amicusNYCL · · Score: 4, Insightful

    So whenever a company discontinues a product, they relinquish all rights they had to that product? I don't think that's how copyright or patent law works.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  10. Re:just kill them already by Dutch+Gun · · Score: 4, Interesting

    XP is used in many commercial products which cannot easily be replaced by the end user. For example: http://rightfast.com/index.php...

    I'm going to go out on a limb here and say that there's nothing wrong with XP in an embedded environment (such as in a bank's ATM). Exploits in most operating systems are almost always related to application-level attack surfaces, such as IE and Flash (as was this particular vulnerability). In a point of sale unit, there is no one surfing the web with the browser. As long as the front-facing application and hardware are properly locked down, there should be no problems. Note that Target's POS data breach was NOT done through the machines themselves, but through the backend network itself. Granted, lack of address space randomization makes it an easier target, but note carefully that the exploit discussed in the article was available on ALL platforms and IE versions, not just XP/IE6.

    Where a company or user will get into trouble is if they're using Windows XP + IE6 in a user-controlled, internet-facing computer. And let's be clear here, it's been IE6 and not really XP that was the problem since the latest patches and the firewall was turned on by default. If they rely on IE6, then there's a good bet that they also rely on Flash or a Java plugin as well, and that's just tripling your attack surface, especially if they're not kept up to date as well for reasons of compatibility or laziness.

    There's sort of a media feeding frenzy about Windows XP and its end-of-life. Yes, people should move on to a supported OS as soon as it's practical, but XP users can greatly reduce their risk simply by using up-to-date applications. Use Chrome or Firefox when browsing, and if possible remove Flash and Java (I actually removed Flash about half a year ago for security reasons, and found that, for the most part, I don't really need it anymore). Note that this exploit was performed with the help of Flash as well - nothing to do with XP.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  11. Re:There should be only two options by amicusNYCL · · Score: 4, Interesting

    So you're saying that Dodge should be obligated to release all intellectual property associated with, say, the Magnum. Even though that same technology is used in their other vehicles. Or Sony should release everything associated with the Playstation 3 and before. I don't think you've thought this through. If a product is ultimately superseded by a different product, and thus discontinued, the manufacturer should not be obligated to release anything.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  12. Re:There should be only two options by fustakrakich · · Score: 4, Insightful

    Yes, if I own a Magnum, and Dodge refuses to support it, then I should be able to go to somebody who can and will. So, yes, Dodge should lose its exclusive privileges granted by copyright law, absolutely.

    --
    “He’s not deformed, he’s just drunk!”