
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 - akeck
https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/
======
cf141q5325
It's especially unfortunate since KB4474419, the SHA-2 update for Windows Seven,
de facto disabled updates for quite a few people with dual-boot or encrypted
system partitions in mid March.

~~~
cpach
Disables updates? How?

~~~
cf141q5325
The update fails and gets automatically reverted. I don't think you can get the
monthly security updates without it, at least that was the case with the April
rollout. Since it's not immediately clear why the update fails, you can even
now find quite a few people looking for help to diagnose the error online.

edit:

Here is some context:

[https://answers.microsoft.com/en-us/windows/forum/all/kb4474...](https://answers.microsoft.com/en-us/windows/forum/all/kb4474419-will-not-install/658900bc-3103-4a0e-a9ed-08c5c2d31e76#?page=7)

It's an easy fix for dual-boot if you can just replace grub with mbr again,
but people with disk encryption are rather screwed it seems.

------
rincebrain
Not even a wormable flaw could convince them to patch Vista, apparently
(assuming it's not somehow magically invulnerable when the versions before and
after it weren't).

~~~
dfabulich
"Users of Windows Vista can download the updates (Monthly Rollup or Security
Online) of Windows Server 2008 from the Update Catalog and install them
manually."
[https://borncity.com/win/2019/05/15/critical-update-for-wind...](https://borncity.com/win/2019/05/15/critical-update-for-windows-xp-up-to-windows-7-may-2019/)

But this is definitely confusing. MS explicitly offers patches for Win 7,
Server 2008, Server 2003, and XP, but there's no "Vista" link visible.

[https://portal.msrc.microsoft.com/en-US/security-guidance/ad...](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
[https://support.microsoft.com/en-us/help/4500705/customer-gu...](https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708)

~~~
dmix
It makes sense not to mention Vista in a headline considering the very low usage
rates.

If anyone should not expect security update news via popular news outlets it's
Windows Vista users. There are plenty of niche channels for niche product
releases.

~~~
bArray
On a side note, I think that Vista wasn't necessarily unpopular, it just had a
good upgrade path/incentive for users (unlike XP to Vista).

~~~
rincebrain
My perception for a long time has been that Vista, from a technical
perspective, was leaps and bounds above XP, but the end user experience was
sometimes lacking; 7 didn't provide drastic technical improvements so much as
offering a much-polished Vista.

~~~
tunap
Windows 7 should have been called Vista SP7. That is what I called 7's hasty
premiere after Vista's lackluster debut.

------
MagicPropmaker
Wow! Good for Microsoft. You don’t see Apple releasing patches for 15+ year
old operating systems.

~~~
auiya
Apple makes all their OS releases free to their users, so there's much lower
numbers of 15+ year old Apple OS's existing in the wild to begin with. If
you'd said you don't see Apple releasing patches for 15+ year old _computers_,
I'd be more inclined to agree.

~~~
zeusk
Heh, because Apple prefers to arbitrarily leave out support for their older
systems on newer OS releases.

------
baroffoos
I don't understand why they would do this. If I was a Microsoft manager I
would be glad something like this happened because it would force people off
of old OSs without having the bad rep of doing it through nag popups.

Now everyone on XP will feel safe because it's still getting updates.

~~~
pjc50
At this stage, anyone still using XP is doing so because they have no other
choice: either it's intrinsically tied to low-end hardware, or to some piece
of critical software, and it's too expensive or time-consuming to replace.
Often this includes "embedded" PCs in scientific equipment and the like.

~~~
basch
or they don't know or care. "it runs my spreadsheet fine"

