Registry Tweak Enables Updates for XP SP2

Microsoft recently retired Windows XP SP2 on July 13, removing the tired-but-classic OS from its update roster. This meant that consumers still running XP SP2 wouldn't receive the emergency update for the LNK shortcut vulnerability (KB2286198). However Finland-based antivirus vendor F-Secure detailed a way for consumers to trick XP SP2 into (virtually) thinking its SP3, thus allowing Microsoft-sanctioned updates to resume.

The "trick" actually stems from a previous problem with Grand Theft Auto IV. When it was released in December 2008, the game wouldn't run on XP SP2. However gamers tricked the OS by editing this registry key: KLM\System\CurrentControlSet\Control\Windows. Gamers simply edited the DWORD value CSDVersion from 200 to 300. The trick became effective after a reboot.

F-Secure decided to see if the GTA IV trick would also work with KB2286198. It did. "WindowsXP-KB2286198-x86-ENU.exe installed on our SP2 test system once we tweaked the registry," the company said in a blog. "We also tested an LNK exploit, and it did not infect the system after the patch."

The firm also indicated that the forced update was not officially tested or supported by Microsoft for XP SP2. "We do NOT recommend that anybody use this tweak in a production network of any kind," F-Secure said. "Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible."

As F-Secure warns, experiment at your own risk.

Create a new thread in the UK News comments forum about this subject
This thread is closed for comments
Comment from the forums
    Your comment
  • Vampyrbyte
    Why are people not upgrading to SP3? What is the point! It added not only security enhancements but also performance enhancements!
  • ik242
    because there are people who need it, there was tons of software that doesn't work properly with SP3 (probably still is, didn't check recently). Some of the incompatible software in my case is various programming software for example (AB, Mitsubishi, Siemens etc.). Each of them is expensive because of relatively small user base so development cost is transferred to users. Small user base also means that bug reports are rare and bugfixes are slow. It often takes years before OS compatibility is met. And since cost is one of the so big factors, many choose not to upgrade for 2-3 years even when upgrades are available.
    Upgrades are not free, they may cost as much as 70% of the new release. Support is usually offered on annual basis (usually also costs few $1000s). I currently have over $50k worth of software on my machine (not counting OS, Office, etc.).
  • ik242
    by "need it" i meant SP2