Security Watch

Researcher: End of XP SP2 Support Means More Risk

Plus: Developer ignoring DEP and ASLR at peril; what the global 'spamscape' looks like.

• By Jabulani Leffall
• 07/06/2010

In less than a week after you read these very words, Microsoft will wind down support for one of its most popular enterprise operating systems ever: Windows XP.

Okay, more specificially: after July's Patch Tuesday (July 13) Microsoft will no longer release security updates for XP Service Pack 2.

While Windows 7 is getting decent reviews along the lines of security, there's no doubt that Redmond is aware of the irony of ending support at the same time that it combats a Windows Help and Support Center vulnerability in all currently supported versions of XP.

The end of support for XP SP2 comes nearly a month after the software giant issued a security advisory about the remote code execution bug that can be triggered when a Windows user in an Internet Explorer session clicks on a links in specially crafted Web pages or e-mail messages.

Support retirement notwithstanding, many enterprises may choose not to upgrade to Windows 7 just yet and may not even upgrade to XP Service Pack 3, according to one researcher.

"We were surprised by the number of people who have not yet deployed Service Pack 3," said Dean Williams, Services Development Manager for Softchoice in an e-mail statement. "Microsoft announced the expiration date in April of 2008, yet 45 percent of the machines we looked at are still running SP2. If organizations aren't already on top of this, they should be moving quickly to update their systems."

In a research note (click here for the PDF), Softchoice said its analysis of 278,498 corporate and public sector PCs reveals that almost half are still running Microsoft Windows XP Service Pack 2.

The reported estimated that nearly eight out of every 10 organizations contained in a report covering a period from January to June have a "high enough prevalence of SP2 in their environment to warrant immediate action to update their systems."

The greater issue here is that Microsoft's current, in-the-wild exploit affecting XP that may or may not be patched in July covers every version of XP.

There's some concern among security observers that Microsoft may be ceding XP to hackers who know Redmond isn't going to support it anymore and may look to gear more exploits told the older operating system.

Time will tell.

App Developers Ignoring Built-In Windows Security Components?
Developers of third-party applications that run within Sun Java JRE, Apple QuickTime and RealPlayer, apps that are all used in a Windows stack, may not be utilizing Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), two prominent Windows OS defense mechanisms. That's according to Secunia (PDF report here). In a default configuration, Windows applications have to inform the operating system that they want DEP or ASLR enabled often times in order to run.

Both DEP and ASLR add a layer of protection by preventing the execution of writable memory and the ability to hide malicious code in a fixed executable IP address respectively.

The report found that while most "Microsoft applications take full advantage of DEP and ASLR, third-party applications have yet to fully adapt to the requirements of the two mechanisms."

Taking into account the increased number of bugs discovered in third-party applications such as Adobe Reader and Flash Player -- both of which were also on Secunia's list -- the incentive to target non-Windows apps that sit on the Windows OS becomes greater.

Both Microsoft and Secunia have long noted that incorporating these Windows OS functions, while not a substitute for secure code, can save some headaches.

AppRiver's Data Outlines 'Spamscape'
Web Security outfit AppRiver just released this mid-year PDF report titled "Threats and Spamscapes," which analyzed and outlined spam and malware trends between January and June 2010. In doing its sweeps to formulate the conclusion, AppRiver quarantined more than 26 billion spam messages in more than six million mailboxes.

This report's findings are similar to most all others you might find out on the Web, in the respect that its data reveals the U.S. as the top spam-producing country, followed by Brazil. Other notable countries include India and Russia, with a notable uptick in hatched spam coming out of Eastern European locales such as the Ukraine.

Meanwhile, Europe, with more than 44 percent and Asia with about 23 percent of spawned spam, lead by a wide margin as continents where spam is originating.

Facebook is a major tool these days for spammers involved in phishing activity, according to the report, which also identified a major campaign of spoofed e-mails purportedly coming from Microsoft and regarding news updates about the Conficker worm. You might remember that the self-replicated Conficker worm was the bane of Windows IT pros' existence last year and garnered international attention.