LNK patch and Windows XP SP2
F-Secure reports that a little tinkering with the registry allows Windows XP SP2 users to install the official patch to plug the critical LNK vulnerability. Microsoft stopped supported Service Pack 2 on 13th June and is only offering the LNK patch for Windows XP SP3 and above. However, changing the HKLM\System\CurrentControlSet\Control\Windows\CSDVersion registry entry from 200 to 300 and then restarting will apparently confuse the installer's version query such that the patch will install on older versions of the operating system.
According to initial tests by F-Secure, following this procedure reliably blocks LNK exploits from subverting SP2 systems. However, the anti-virus specialist advises against using this method on live systems as it could affect system stability. The 1,000+ fixes in SP3 pave the way for future patches and include updated versions of system components such as Core XML Services and the Background Intelligent Transfer Service (BITS). Microsoft has also buffed up the Windows Installer and Management Console (MMC) in SP3.
In view of the potential for dependencies on components updated in SP3, it's not advisable to go overboard in installing patches intended for Service Pack 3 on SP2 systems. Users who want to play it safe and continue to receive updates in future are simply advised to install Service Pack 3. Support for SP3 will continue through to 8th April, 2014.
- Emergency patch closes LNK hole in Windows, a report from The H.
- Support for Windows 2000 and Windows XP Service Pack 2 expires today, a report from The H.