Behind Windows XP Stop patches: The top ten security vulnerabilities

Microsoft has announced that it will stop supporting Windows XP operating systems from April 8, 2014, and that Windows XP will officially retire from the historical arena as the oldest operating system in Microsoft's history. At the same time, Microsoft Office 2003 will also stop service on April 8, 2014. Obviously, Microsoft's initiative, largely due to business considerations, the shutdown of the old operating system support services can shorten product line length, reduce product maintenance costs, on the other hand, can also be forced to upgrade the user to achieve for Windows 8, such as the promotion of new operating systems. According to statistics, the world still has about 500 million computers in the use of Windows XP operating system, 28% of the enterprise's Windows computer is still running Windows XP. Although Microsoft has sent a large number of notices to major companies, it suggests "from a stability and security perspective, Please upgrade the new operating system as soon as possible, however, many companies have not started to start the program to remove XP for cost reasons. So what are the security risks that users will face if they continue to use Windows XP after Microsoft stops supporting Windows XP on April 8, 2014? We'll do a brief analysis here.

From a security standpoint, the biggest risk to end users of Microsoft's support services for Windows XP operating systems is to stop updating the patch for operating system vulnerabilities. Operating system as a large computer basic software, in the development of inevitable there will be some ill-conceived, thus forming some system loopholes. These system loopholes to computer viruses, Trojans and so left an opportunity, most viruses and trojans working principle is to rely on system loopholes play a destructive role. As a result, developers need to continue to provide support services, release system patches and security vulnerabilities update packages to plug these vulnerabilities. A newly installed Windows XP system that requires up to hundreds of patches to meet basic security needs. At the same time, as users in depth, the new system vulnerabilities will continue to be exposed, need to release new patches to repair. But while the new patch corrects the legacy system vulnerabilities, it also introduces new vulnerabilities and errors, so that, over time, the old vulnerabilities will disappear, but the new vulnerabilities will appear immediately. So the vulnerability is also a long-standing problem of computer systems, if there is no patch and security vulnerabilities to update the package, the user's computer security is a major hidden danger.

Currently, Windows XP vulnerabilities with a larger security threat include the following 10 types:

1. UPnP service security vulnerabilities initiated by Windows XP defaults

The UPNP protocol has a security vulnerability that can allow an attacker to illegally acquire system-level access to any Windows XP, attack, and to initiate a distributed attack by controlling multiple XP machines.

2. Windows XP Upgrade Program Vulnerability

The Windows XP upgrade program will not only remove the IE patch file, but will also cause (1) Certain pages or HTML mail scripts to automatically invoke Windows programs. (2) The user's computer files can be peeped through IE vulnerabilities.

3. Windows XP Help and Support Center vulnerability

This vulnerability could allow an attacker to skip a particular page while uploading a file or folder, causing the operation to fail, and then the Web page could be posted on the Web site to attack users who visit the site or be propagated as messages.

4. Compressed folder Vulnerability

The Windows XP compressed folder runs code according to the attacker's choice.

5. Denial of service vulnerability

Windows XP supports Point-to-Point Protocol (PPTP), which causes vulnerabilities in the implementation of Windows XP because of an unchecked cache in the code snippets that govern the establishment, maintenance, and disassembly of PPTP connections.

6. Windows Media Player Vulnerability

The Windows Media Player vulnerability mainly generates two problems: the first is the information Disclosure vulnerability, which provides an attacker with a way to run code on a user's system, a severity defined by Microsoft. The second is the script execution vulnerability, when the user chooses to play a special media file, Then, after browsing a specially built web page, an attacker could exploit the vulnerability to run the script.

7. RDP vulnerability

The Windows operating system provides remote terminal sessions to clients through RDP (remote Data Protocol). The RDP protocol transmits related hardware information from a terminal session to a remote client, which results in: (1) A vulnerability related to the implementation of session encryption for some RDP versions. (2) vulnerabilities associated with RDP implementations of Windows XP for some incorrect packet handling methods.

8. VM Vulnerabilities

An attacker could crash a host application by passing an invalid parameter to the JDBC class, and an attacker would have to have a malicious Java applet on the Web site and entice a user to visit the site.

9. Hot Key Vulnerability

After setting the hotkey, because of the Windows XP Self logoff feature, you can make the system "fake logoff" and other users can call the program through the hotkey.

10. Account Quick Switch loophole

Windows XP Fast Account switching has problems, can be caused by account lockout, so that all the Non-administrator account can not log in.

Using the above loopholes, hackers and virus makers can access users ' computers to steal personal information, steal numbers, monitor and so on. When this happens, the user is not easy to detect, if the virus hidden deep, that is, the use of anti-virus software is difficult to find, such as online silver on the input of some accounts, passwords will be stolen. This is a very large security threat for users. And as Windows XP stops security updates in 2014, new vulnerabilities will not be patched. There is a good chance that the so-called "XP Hunter" will be on the web, targeting Windows XP users who are still in widespread use but have lost security update protection. In addition to seeing current frequent security attacks, enterprise security administrators who are using Windows XP systems will face targeted attacks targeted specifically at XP systems by attackers. This will allow the corporate network to face larger and more unpredictable security threats. Without effective measures, the vast majority of existing Windows XP users will sooner or later become the "lamb" to be slaughtered in the hands of cyber hackers.