Can you still get patches for Windows XP?

June 03, 2014 | Heroix Staff

Were you using XP in Feb. 2010?  If you were, you might remember a patch issued by Microsoft that caused a blue screen on many computers.   That incident should serve as a reminder that even patches that are explicitly intended for the exact OS version you’re running can still end up rendering your system inoperable.  It’s also something to keep in mind before installing patches that “should be” ok on your version of XP.

Home and Pro XP patches do exist - Microsoft is still creating them - but only for large organizations that have paid for extended support.  Outside of extreme circumstances like last month’s IE advisory from US-CERT, Home and XP Pro patches are out of reach for most XP holdouts.

However, Microsoft is continuing to publicly distribute patches for embedded versions of XP up to 2019, and Windows 2003 up to July 14, 2015.  Embedded XP is under the covers of gaming consoles, cash registers, ATMS, etc., and shares the same basic underlying code as the 32 bit Home and Pro XP editions.  64 bit XP shares basic code with Windows 2003.  It was probably inevitable that someone would figure out a way to try to substitute patches that are almost the right version and available, for patches that are the right version, but are not available.

Enter  a German message board  detailing registry edits and patch hacks to make embedded XP and 2003 patches available to Home and Pro XP users.  The hacks work by making Microsoft Update think that the patch is being installed on a supported system. The 32 bit XP hack is done by altering a registry value to make Microsoft think that embedded POSReady2009 is installed.  The 64 bit hack is more complex and involves downloading Windows 2003 patches manually and modifying them to work around the OS version check.

The author of the original post includes the following disclaimer:

  • ATTENTION: Use it you [sic] own risk! These updates are not tested on a regular XP system and could damage your system

ZDNet reported on the hack a few days after it was posted, and included a statement they received from Microsoft:

  • We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.

This isn’t just a case of a pro forma “don’t do this, spend money on the new version” warning from Microsoft.  Microsoft doesn’t know what would happen if you apply the wrong version of a patch to your XP system, and they aren’t going to test that scenario because it’s not something they support.  It is possible that the patches might work perfectly fine using this hack.  Or you could hit a BSOD and end up needing to reinstall the OS.  They don’t know, and they aren’t going to help you rescue your box if the patches fail.

Ultimately, almost the right version of a patch can be worse than no patch at all.  XP can run without patches, but you will need to be more security conscious, keep everything backed up, and be ready to completely rebuild the system.  Or, better yet, try rebuilding the computer as Linux.