Good news! We’re sliding into the new year with relatively few security updates — and a possible fix for the Windows XP Svchost issue.
There is one oddity this month: a rarely seen reissue of a troublesome Windows kernel update.
Is the XP Svchost debacle finally fixed?
On my office network, there’s a server that hands out updates to all attached Windows workstations. The server routinely sends me notifications whenever there’s any sort of unusual event. Recently, one such alert really caught my interest: 613 updates had “expired” off the server. In other words, Microsoft flagged them as useless members of the update team and voted them off the island.
Many of these now obsolete updates were very old Internet Explorer patches; a considerable number of those were the updates blamed for the recent XP Svchost issue. As you’ll recall, svchost.exe — a common Windows system process/service — runs amok on some XP systems, making the machines completely unusable for several minutes or hours. Some users solved the problem by manually installing all IE updates.
Why should my aforementioned server notification interest XP users? It’s likely that those updates expired on my server because Microsoft had retired them from its master update server. With the problematic updates now effectively gone, the Svchost issue should be fixed. I asked Microsoft whether this was the case but did not receive a reply in time for this column. If I hear back, I’ll post that information in the Windows Secrets Lounge. In the meantime, any XP users who’ve been affected by Svchost should check whether they still have the problem. Let me know in the Lounge, using the link at the bottom of this column.
What to do: Use XP’s Task Manager to see whether svchost.exe is consuming excessive CPU cycles.
XP systems get a fix for a zero-day threat
Those XP users paying any attention whatsoever know it’s nearly midnight (April 8, 2014) for official Microsoft support. Nevertheless, XP updates are still coming out of Redmond. Impacting only XP and Server 2003 systems, KB 2914368 clears up a zero-day vulnerability first seen in the wild this past November.