Microsoft discontinued support for Windows XP Service Pack 2 on July 13th, and that means there is no SP2 update for the recent LNK shortcut vulnerability (KB2286198). If you review the comments from this SANS Diary post, you’ll see that there was some initial confusion regarding SP2 support, due to a typo in Microsoft’s Security Bulletin (MS10-046). The bulletin is now corrected.
However, even today, the download for Windows XP still includes SP2 in the file properties.
But if you try to install the update on an SP2 system, you’ll get this error message:
“Setup has detected that the version of the Service Pack installed on your system is lower than what is necessary to apply this hotfix. At minimum, you must have Service Pack 2 installed.”
This minimum requirement reminded us of some other software that required SP3… Grand Theft Auto IV.
GTA IV wouldn’t install on SP2 systems when it was released in December of 2008.
And so some determined gamers came up with a registry hack.
It turns out that an SP2 system will think its SP3 if you edit this key: HKLM\System\CurrentControlSet\Control\Windows, and edit the DWORD value CSDVersion from 200 to 300 (and reboot).
It worked for GTA IV, so we decided to test it with KB2286198. And our test worked, WindowsXP-KB2286198-x86-ENU.exe installed on our SP2 test system once we tweaked the registry. We also tested an LNK exploit, and it did not infect the system after the patch.
But remember, this update is NOT officially tested or supported by Microsoft for SP2. And we do NOT recommend that anybody use this tweak in a production network of any kind. Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible.
If you want to experiment, do so at your own risk.
Updated to add: A reader shared this link to Security Active Blog.
The Security Update for Windows XP Embedded also installs on Windows Service Pack 2 systems and no registry tweak is needed. The file is called WindowsXP-KB2286198-x86-custom-ENU.exe.