'Million Dollar Flaw' the First Test of XP Phaseout, say Critics

Dennis Faas's picture

Microsoft has faced the first major test of its policy to phase out support for some versions of Windows XP. A major security patch last week was only available to users who had upgraded to the third and final Service Pack (SP3).

As previously reported, Microsoft issued an out-of-cycle update (known more casually as an emergency pack) to patch a Windows shortcut flaw.

The issue was particularly serious because it meant machines could be hacked if a user opened a folder containing the infected shortcut file, even if they didn't click on the shortcut itself.

The shortcut flaw was such a clear opportunity for hackers that many critics have dubbed it a "million dollar flaw." (Source: usatoday.com)

Some XP Users Unsupported

Although Microsoft issued a patch for all supported editions of Windows, not all Windows users will have received the patch. That's because Microsoft stuck to its guns over the recent removal of Windows 2000 and all versions of Windows XP (except those with Service Pack 3 applied) from its list of supported products.

That support doesn't just cover help and advice, but also includes monthly scheduled security updates and emergency patches.

Businesses At Particular Risk

Indeed, one recent survey even found that one in six business users were running XP with only SP2 applied. All of these will have missed out on the update this week and may remain at risk. (Source: pcworld.com)

There was some speculation that Microsoft might play it safe and make a special exception. That speculation later turned out to be mistaken. (Source: computerworld.com)

Those users still using unsupported XP Service Pack 2 have several options. The simplest and best is to upgrade to SP3 immediately and then manually install the fix. An alternative is to either use a Microsoft workaround (which disables some shortcuts) or download a free tool from Sophos, an independent security firm.
