
Were they not vulnerable to hackers now and in the past?


Yes, but only until Microsoft issued a fix for any vulnerabilities discovered. After April 8th, no more fixes, just bugs that can be exploited forever.

Rumors have it that hackers are detecting and cataloging vulnerabilities that they're holding in reserve for the day Microsoft stops support for XP, after which they'll have a field day exploiting known vulnerabilities, secure in the knowledge that the errors will remain in place until the victims finally dump XP.


Not only that... The main concern is that since Vista/7/8 are derived from XP, they also share critical vulnerabilities hidden inside the core of the OS. If Microsoft stops publishing patches for XP, there is a non-trivial risk that attackers will be able to look at a patch for a newer Windows version, reverse it and make an exploit that will work perfectly on XP, which won't get the security fix.


No they're not. Check the major version numbers. Windows 2000, 2003 and XP were built on version 5 of the NT kernel/architecture. Vista involved a major overhaul and was version 6. Windows 7, 8 and 8.1 are versions 6.1, 6.2, and 6.3, respectively.


You can't make blanket statements like that. It depends on where the vulnerability is.

For example, Vista has a substantially-rewritten networking stack. A networking exploit in Vista would not necessarily translate over to XP.

On the other hand, there's a lot of legacy code around in GDI+ for decoding graphics formats. A file format exploit would be highly likely to carry over to XP.


Fair enough. I misunderstood the parent when posting that. Re-reading it and your comment, it makes more sense.

That makes me curious as to just how much legacy code still exists in Vista/7/8/8.1, and where. I guess it's time for me to do some more research.


Given that this site is dedicated to programmers, I'd expect you to realize that a new version of a program isn't a complete rewrite.


As much of an overhaul there may have been, it seems unlikely that NT 6.0 was started from scratch. Is there no chance vulnerable sections of the codebase carried over?


The version numbers don't indicate complete and utter uncommonality of the code base, they just indicate points of major revisions. XP and Vista/7/8 do still share a lot of common sub-systems, code, and designs; many vulnerabilities that will be discovered and patched in currently supported versions of Windows will definitely apply to XP.


> just bugs that can be exploited forever.

...or until someone else patches them; remember the WMF exploit at the end of '05? There was an "unofficial", but just as effective, patch released before Microsoft released theirs.



