Windows 8 is here, and of course Microsoft wants you and everyone you know to upgrade to its newest operating system. Heck, Microsoft's even taken some of the sting out of upgrading by putting in place several promotions, such as offering Media Center as a free download to Windows 8 Pro users until January 31, 2013. But hey, if you're of the opinion that Microsoft will have to pry the Start menu from your cold, dead installation of Windows 7, then more power to you. Just be aware that you aren't likely to see a second Service Pack, so for all intents and purposes, what you currently see with Windows 7 is what you get.
So here it is, folks, the first of what is likely to be many bugs affecting unpatched versions of Windows XP Service Pack 2 (SP2), which of course will remain unpatched since Microsoft cut off support for XP SP2 and earlier.
According to a security advisory (2286198), "the vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives," Microsoft says.
While disabling AutoPlay lessens the risk, users with an infected USB thumb drive can still fall prey the attack if they were to manually browse to the root folder. And because it can run when AutoPlay and AutoRun are disabled, Sophos senior security advisor, Chester Wisniewski, warns that the bug is particularly "nasty," pointing out in a blog post that "it bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run."
We've touched on the impending demise of XP Service Pack 2 (SP2) on a couple of occasions in the past week or so, and if you were still caught off guard today by Microsoft ending support, then extend your leg and swing it back as far and as fast as possible, with the goal being to kick yourself in your own ass for failing to pay attention.
Whether you were ready for it or not, what happens now? For starters, Microsoft will stop sending out updates and security patches for the now-defunct version of Windows, leaving XP SP2 users vulnerable in a number of areas, including IE, WMP, and Outlook Express.
You do have some options, however, the most obvious one being to upgrade to SP3. If for whatever reason that's not an option and you're simply stuck on XP SP2, you can make the best of a bad situation by first and foremost getting rid of IE. It doesn't matter what version of Microsoft's popular browser you're running, you won't be receiving updates. Instead, consider (strongly) switching to any of the alternatives, such as Firefox, Chrome, Safari, or Opera, all of which will continue kicking out updates.
Other steps you can take: update other programs, install AV software (if you haven't already), keep your firewall running, and cross your fingers.
After July 13, Windows XP users still using Service Pack 2 or earlier "will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software." Surely everyone has upgraded by now, right?
In a word, 'no.' According to recent PC Advisor poll, 15.1 percent of XP users are still clinging to SP2 or earlier. That's probably higher than most would expect, but on the plus side, that only breaks down to less than 6 percent of the total sample of XP users who particpated in the poll.
Still, these users are running out of time to upgrade, either to SP3 (free) or to a later version of Windows (not free). If you're one of those users, you're down to less than a week to decide before you're on your own.
Nevermind that the third Service Pack for Windows XP came out two years ago, or that XP itself is about two generations old. According to security risk and compliance management provider Qualys, out of the hundreds of thousands of PCs the company monitors, half of them are still running Windows XP SP2.
"The normal thing for IT is not to muck around with something that works," said Wolfgang Kandek, chief technology officer for Qualys. "I would expect that come August, SP2 will be getting hard and harder to defend. I expect to see reliable exploits of unpatched vulnerabilities three or four months later."
Kandek's outlook takes into consideration that Microsoft plans to retire Windows XP SP2 on July 13, at which point users will need to upgrade to SP3 in order to continue receiving security updates.
Looking further ahead, Microsoft will retire Windows XP SP3 in April 2014.
We're not sure why anyone would choose to kick it with Vista, but if you absolutely refuse to step up to Windows 7, you're going to want to make sure you've installed one of the available Service Packs. As of yesterday, Microsoft cut off support for unpatched copies of Vista, putting the original OS out to pasture.
"Under the former service pack support policy, when a service pack reached the end of support, customers were no longer eligible to receive troubleshooting help from Microsoft Customer Service and Support, including assisted telephone support, security updates, or non-security hotfixes," Microsoft said in a blog post.
In the same blog post, Microsoft also announced that it has updated its Service Pack Support policy to provide customers with limited troubleshooting on unsupported service pack versions. This "limited troubleshooting" includes:
Break/fix support incidents will be provided through Microsoft Customer Service and Support; and through Microsoft’s managed support offerings (such as Premier Support).
There will be no option to engage Microsoft’s product development resources, and technical workarounds may be limited or not available.
If the support incident requires escalation to development for further guidance, requires a hotfix, or requires a security update, customers will be asked to upgrade to a supported service pack.
On a side note, Microsoft isn't pulling the plug for support on Windows XP SP2 or all versions of Windows 2000 until July.
Just last week Microsoft released SP2 for Windows Vista, and it would appear that many users of the update have noticed some massive changes in their free disk space.
Now, when I say ‘massive changes’ I’m not just talking about 500MB here or there, but there have been reported cases of people freeing 40GB and more. One user wrote on PC World’s forums, “Wow! I didn't notice that til now. I went from about 88GB free to 122GB free. That's a significant change 'under the hood,' isn't it?” The biggest recorded case was another user that managed to regain 130GB.
Vista SP2 includes a command-line cleanup tool (compcln.exe) that is used to remove older system files and restore points, therefore freeing up space. Many think that the SP2 installer automatically runs this, but there’s been no official confirmation from Microsoft.
Have you installed SP2, and if so, have you regained any of your hard drive space? If so, let us know!
At long last, Microsoft has confirmed that Service Pack 2 for Windows Vista and Windows Server 2008 is complete, by releasing it to select manufacturers. It even hit torrents, hours before it was officially announced on the Windows Vista Team Blog.
As for an official download, it’s not clear when Service Pack 2 will be available. They’ve stated that they will push the final version to customers through Automatic Update over the next few months, but those that aren’t ready can still use Microsoft’s service-pack blocking tool.
Along with this, Microsoft has started pushing Vista SP1 to users that had previously blocked it, in order to prime them for SP2.
For those wondering, Service Pack 2 will bring Windows Search 4.0, the Bluetooth 2.1 Feature Pack, the ability to record data on Blu-ray natively through Windows, Windows Connect Now (a simpler WiFi tool), the addition of support for UTC timestamps in the exFAT file system, as well as various security and performance updates.
If you're on the Microsoft Connect testing list for Windows Vista SP2 or Windows Server 2008 SP2, Redmond has just rung the "come and get it" bell - SP2 RC (the same package upgrades both Vista SP1 and Windows Server) was released to MS Connect testers yesterday, Ars Technicareports.
So, what's special about SP2 RC? Some highlights include:
Support for VIA's 64-bit CPU
Integration of the Windows Vista Feature Pack for Wireless, including support for Bluetooth 2.1
Support for writing to Blu-ray media
Integration of Windows Search 4.0
Better and more secure installation experience
Over 690 hotfixes
If you're not among the fortunate few testing Vista SP2 RC, what should you be doing until you can try it? For our suggestions, as well as an early comparison with Vista RC1 (not to mention your chance to sound off), join us after the jump.