Patching the wrong product — a bad thing?

Patching the wrong product — a bad thing?

Summary: Microsoft warns that using Windows POSReady patches on a regular Windows XP system could cause problems. How seriously should you take this?


Microsoft's reaction to the news yesterday that a simple hack could effectively extend security updates for Windows XP for five years was careful, but the company's tone was clear:

"We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1."

You really don't want to do this, they say. Even so, I have to think that the most credible part of the statement is the last sentence: Users of Windows XP really ought to upgrade to a better, more secure operating system. A hack like this is just an excuse for putting off what you really ought to be doing.

What about Microsoft's other claims, i.e. that the patches may not be appropriate for a Windows XP system or that you might not be properly protected by them? It seems as though Microsoft is overplaying its hand here. There's every reason to believe that the point-of-sale (POS) versions of Windows are just desktop Windows with some extra device support.

Have you ever seen a Windows-based point of sale system? I've seen a few, and to me they look like Windows PCs with some extra devices. In fact, if you were Microsoft designing a point of sale system, why would you do it any other way?

Making the POS edition as close as possible to the mainstream version allows ISVs, IHVs, and OEMs to adapt to the new version as quickly and easily as possible.

Developers can work on software on regular Windows desktop. System vendors need only make the most minor of repackaging — or no repackaging at all. That seems to be what Dell did with some of its Windows POSReady systems. The Optiplex XE (designed for POSReady 2009, now discontinued), marketed as a POS platform, sure looks like a desktop computer.

In fact, they call it (emphasis mine) an "OEM- and POS-ready desktop available in two sizes and featuring an adaptable, heat-tolerant design."


I'm not sure why a POS system needs to be hardened against tough environmental conditions more than a regular PC, but this one is. They have also added things like RS-232 serial ports, which haven't been in PCs for ages, probably because some older POS external devices use them. The newer Optiplex XE2 shares many of these characteristics, but there's no mention of POS on that page. I can only assume the XE POS line flopped. So now it's just a somewhat-ruggedized PC.

Microsoft also points out that the updates that show up after you hack the XP system "...are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers."

Well, not exactly.

In fact, if you look up the KB numbers for them, KB2932079 and KB2931365, you'll see the full names of the updates are:

  • MS14-026: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: May 13, 2014

  • MS14-026: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2: May 13, 2014

Oops. I guess they really are designed for Windows XP. The references to Windows XP have been removed from the descriptions displayed by Windows Update on a hacked Windows XP system, but not from the KB articles. 

It's remarkable, at least in retrospect, that in March 2009, Microsoft released a new product — a new edition of Windows — based on Windows XP. Windows Embedded POSReady 2009 was released over 2 years after Windows Vista, shortly before the release of Service Pack 2 for Windows Vista and only about six months before the release of Windows 7.

And at a time like that they choose to give 10 more years to the Windows XP platform? In hindsight, it's hard to see what could justify this, but I think the problem should have been obvious in foresight as well.

So what's Microsoft to do?

My money's on some sort of update going out to counter the hack and stop updates on Windows XP again. It could get tricky, especially if the change requires an update to the Windows Update controls in Windows XP, but if I were Microsoft, I would do it, and I'd say it was for the users' own good. Whether it really is for their own good is complicated.

Topics: Security, Microsoft, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • If people wish to do this I have no objection as long as...

    ...they don't blame Microsoft should one of these patches break their Windows XP system.
    • "I have no objection"

      Good to know. I was worried if you would or not...................
      • I wasn't worried

        not really looking for anyone's approval, personally.
    • warning issued

      Kill switch coming. XP masquerading as POS system = Toast.
      • Easier said than done

        as POSReady is basically just XP.
        • I am not sure that is true. POS may be XP embedded

          If the latter it is has some significant differences especially in the way you can configure it.
      • Kill switch

        Just kill XP and end this nonsense.
      • Re: XP masquerading as POS system = Toast

        Imagine the reaction of those businesses when their POS terminals get toasted by Microsoft.
    • Thanks ye!

      Good to have your permission and know you don't object us doing that.
  • Why not upgrade to 7?

    I know people hate Windows 8 - but why not upgrade to 7?

    And before you push the words "my hardware won't run it" around, I'd like to see the specs of the machine you think won't run Windows 7, as well as evidence you've at least tried.

    Not to mention the reason why you still hold to such an ancient machine even today . . .
    • Re: Why not upgrade to 7?....

      What about all those XP era machines out there with 512MB RAM and second rate integrated Graphics ?
      • Buy more RAM

        Buying a license for Windows 7 and extra RAM is still cheaper than a new PC. 512 MB of RAM is barely sufficient for XP with all service packs, let alone any kind of productivity at all.
        • Re: Buy more RAM....

          Some of the early Pentium 4 Chips only support a maximum of 1GB RAM and you have still got those cruddy integrated Graphics on a board that doesn't support a dedicated Graphics card.
          There are literally tens of thousands of these machines out there where a simple upgrade is just not an option.
          • Windows 7 will run just fine on such a system.

            But if it really is a problem one can always buy used (remember, according to Mac fanbois PC resale prices are ridiculously low) with a copy of Windows 7 already licensed. Basically for the cost of a Windows 7 license and additional RAM one could buy a used PC with Windows 7 already installed.
          • no it doesnt

            You can run windows xp with 64MB of ram and a pentium 233, but it would not run smoothly at all. Running windows 7 at 1gig of ram is like running windows xp with 64MB of ram : stupid stupid idea.
          • Have to disagree.

            I've run Windows 7 on 1GB of memory. It ran fine. But why bother. PCs with Windows 7 pre-installed will cost you $20 more than the license for just Windows 7.
          • LOL

            Everyone please throw out your 2009 Corolla's and buy a 2014 because it has better crash ratings. It won't get you to work faster but you'll make a lot of other people more happy.
          • They didn't have PCI or AGP slots?

            My in-law's PC has a very old motherboard from 1996 (designed for AMD Thunderbird processors), & it had an AGP slot as well as PCI (not PCIe) slots. You know, from back in the day when video cards only came in PCI or AGP varieties.

            Oh, & that motherboard from 1996? While it only topped out at 2 GB of DDR RAM, that's more than enough for 32-bit Windows 7 (minimum of 1 GB required).

            So don't tell me that someone's XP-designed system doesn't support a discrete GPU or the minimum RAM for Windows 7. Just because you can't install a more modern, PCIe 3.0-compatible GPU or DDR3-3200 speed RAM, doesn't mean you can't install Windows 7. It may not be a fast Windows 7 machine, & you may not be able to use the fancy Aero portions, but you can get it to run.

            The only machines currently running Windows XP that probably have zero chance of being upgraded to meet Windows 7's minimum requirements...are the machines that *weren't* designed originally for Windows XP. You know...the machines that started off as Windows *95/98* machines, that had to be upgraded before they had Windows XP installed. But since Windows XP itself is over 13 years old, I think it's high time to retire any hardware that was already dated before XP came along...
        • I have to disagree.

          Windows XP runs quite well in 512MB of RAM. Even when running basic office applications. Remember there was a time when 512MB was considered a huge amount of memory.
          • Remember a time .....

            when 640K was enough, even according to Bill Gates.

            And your point is....?