Registry hack tricks Windows XP SP2 into installing security updates

Hack requires an edit of a single key in the Windows registry to fool Microsoft's security updates into thinking SP2 is really SP3

People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.

The hack requires an edit of a single key in the Windows registry, said Sean Sullivan, a security adviser with Helsinki, Finland-based antivirus vendor F-Secure, who spelled out the tweak in a blog post.

[ Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report. | Stay abreast of key Microsoft technologies in our Technology: Microsoft newsletter. ]

"It turns out that an SP2 system will think it's [Service Pack 3] if you edit this key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows,' and edit the DWORD value 'CSDVersion' from 200 to 300, [then] reboot," said Sullivan.

According to Microsoft, CSDVersion specifies the name of the most recent service pack installed on the PC.

In other words, Sullivan's hack disguises XP SP2 as SP3 when Microsoft's security updates determine whether the PC is eligible for a patch.

With the hack, Sullivan was able to force a Windows XP SP2 system to install the emergency patch Microsoft issued last week for a critical vulnerability in Windows' parsing of shortcut files.

That "out-of-band" update was officially denied to Windows XP SP2 PCs because the service pack was retired from support on July 13. By Microsoft policy, retired products no longer receive security patches.

After hacking the registry, Sullivan installed the shortcut patch -- which he had downloaded directly from Microsoft's site rather than via the Windows Update patching service -- and tested an exploit that has been used by attackers for several weeks to infect PCs.

"It did not infect the system after the patch," said Sullivan. "Cool."

The patch for the shortcut bug can be found on Microsoft's Download Center site.

Sullivan cautioned users that the registry hack is risky.

"Remember, this update is not officially tested or supported by Microsoft for SP2," Sullivan said. "Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible."

Most users, in fact, steer clear of the registry, since as Sullivan pointed out, an editing error can cripple the computer. "Do so at your own risk," he added.

Sullivan admitted he had not come up with the registry tweak, but said he had remembered a similar hack touted by players of "Grand Theft Auto IV" a year and a half ago. A thread on the GTAForums.com site from December 2008 showed how the same hack could be used to fool the game into launching on a Windows XP SP2 system.

Microsoft has been pushing customers all year to upgrade from XP SP2 to SP3 -- or to move to the new Windows 7 instead -- and offers detailed instructions on how to get and install XP's third service pack on its site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His email address is gkeizer@ix.netcom.com.

Read more about Windows in Computerworld's Windows Topic Center.

This story, "Registry hack tricks Windows XP SP2 into installing security updates" was originally published by Computerworld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies