Mixed in with some recent thoughts (3 More Patch Tuesdays Until Windows XP Expires) about the coming Windows XP end-of-life date, I threw in a tidbit about the possibility that Microsoft used the January Patch Tuesday to fix a long-standing Windows XP problem. To refresh your memory, I said…
A glaring problem has been affecting Windows XP for a long time where SVCHOST pegs the CPU to 100% during Windows Updates. With Windows XP being slow already, and running on old, outdated hardware in most cases, the issue has been almost show-stopping. Toward the end of 2013, Microsoft took a couple months of Patch Tuesdays to attempt to fix the problem, with no success. And, then in December, Microsoft's Doug Neal explained the situation and ensured customers that Microsoft was determined to fix it once and for all before the Windows XP expiration.
Per reports from the Patch Management email list, it appears that the problem may finally be fixed. Microsoft has made no statements as to any established action to fix it, possibly to watch community comments, but the reports are good so far.
Microsoft has now confirmed that the SVCHOST problem was, indeed, addressed during this last round of updates. The issue was fixed through a process of deprecating legacy security updates for Internet Explorer.
In a statement, Dustin Childs, group manager in the Microsoft Trustworthy Computing group said…
“On Tuesday, Microsoft depreciated legacy security updates for Internet Explorer that had been replaced by more recent ones. We did this to improve customer experience, reducing the time Windows Update requires to check existing updates before installing new ones. This action was purely to improve update performance and does not affect customer security.” - Dustin Childs, group manager, Microsoft Trustworthy Computing
Once the deadline hits (April 8, 2014), no new updates will be provided for Windows XP, so it's good to see that Microsoft is still working to support an operating system version that is soon to expire. Will the next 3 months of updates make Windows XP a more secure operating system? Will the patches make it safer to use past its death? No.
On January 15, 2014, Microsoft altered its policy on providing antimalware updates for Windows XP. Originally, Microsoft's free, consumer product, Security Essentials, would stop working to provide antimalware updates for Windows XP on the same day support for the operating system ended. Now, Security Essentials will continue to provide updates for Windows XP until July 14, 2015. This change shows that Microsoft understands that some customers need more time to migrate to a newer, supported operating system.
Still, despite Microsoft working to make Windows XP as secure as it can be before April 8, 2014 and extending Windows XP support for Security Essentials, this should in no way give customers a sigh of relief. Windows XP remains a highly unsecure operating system and continued use will only invite security problems and targeted attacks. Remember, the only good Windows XP PC is a dead Windows XP PC.