39 replies to this topic

[LDTate]

At the end of this period (after April 12, 2005), Windows XP SP2 will be delivered to all Windows XP and Windows XP Service Pack 1 systems..."

Is that only if you run updates
So what's next? Disabling your AVG and programs like Ad-Aware, so one has to run theirs

[AplusWebMaster]

FYI...

Drop In Bots Due To Windows XP SP2, Says Symantec
- http://www.techweb.c...urity/159903590
March 21, 2005
"Microsoft's rollout of Windows XP SP2 in August 2004 was the most likely reason the number of bots actively involved in scanning dropped precipitously in the second half of 2004, said Symantec in a report the security company released Monday...While Symantec tracked an average of 30,000 machines daily that were actively involved in botnet scanning during the first half of 2004, the number plummeted to just 5,000 per day in the second. The bulk of the drop occurred mid-August, said Symantec, with a significant drop on August 19. "The timing of this drop corresponds closely with the availability of Windows XP Service Pack 2," said the report. Microsoft officially launched SP2 August 6, 2004, and rolled it out in stages throughout that month. Symantec said the decrease was largely due to a fall-off in the number of bots scanning TCP ports 135 and 445; many bot exploits, including the nefarious Gaobot, target vulnerabilities accessible through these Windows ports to infect new machines..."

.

[AplusWebMaster]

FYI...

Another reason to upgrade XP to SP2
- http://isc.sans.org/...date=2005-03-28
Updated March 28th 2005 17:54 UTC
"...Vulnerability announced in XPSP1 that would allow a remote (authenticated) non-administrative attacker to shut down an XPSP1 system running remote desktop. Details are available at:

Non-administrative users can remotely shut down a WinXP SP1 based computer by using the TSShutdn.exe command
- http://support.micro....com/kb/889323/
SYMPTOMS
A non-administrative user can remotely shut down a Microsoft Windows XP Service Pack 1 (SP1)-based computer by using the TSShutdn.exe command.
CAUSE
This problem occurs because the Remote Desktop does not check the Force shutdown from a remote system user right.
...A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows XP service pack that contains this hotfix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix..."

[AplusWebMaster]

FYI...

Business Adoption Of Windows XP SP2 Still Low
- http://www.informati...cleID=160403344
April 4, 2005
"Business adoption of Microsoft's Windows XP Service Pack 2 operating-system upgrade remains low, according to the results of a survey released Monday by AssetMetrix Inc., a vendor that helps companies analyze their computing infrastructures. The survey of 136,000 PCs at 251 companies in North America found that Windows XP SP2 had been deployed on only about 9% of those computers. Modest uptake of SP2 might be expected in the broad context of Windows computing environments because many companies continue to use Windows 2000, Windows 98, and earlier versions of Microsoft's operating system. Yet, SP2 adoption was moderate even among companies that have deployed Windows XP, with only 24% of Windows XP machines upgraded to SP2 at the companies surveyed..."



EDIT/ADD:
- http://www.theregist.../04/sp2_survey/
4th April 2005
"...Users still reluctant to deploy XP SP2 after then will have to stop using automatic updates after 12 April but that creates a number of possible issues, including possible incompatibilities with future products such as Internet Explorer 7, or a potential support gap when Microsoft support for Windows XP Service Pack 1 is withdrawn in September 2006."

Edited by AplusWebMaster, 04 April 2005 - 10:56 AM.

['KotaGuy]

Then there are those systems that just don't like SP2 at all!

I have a box that no matter what I do, will NOT accept SP2. Through Windows Updates, CD-ROM, Network Install... just doesn't like it. Even though it works fine on my three other systems, one of which is practically identical to the problem box in its hardware and configuration.

It did actually accept SP2 the very first time I tried to install it, crippled the box so bad I had to reinstall Windows

I know there are more problem systems like the one I have.

[AplusWebMaster]

FYI...

- http://www.theregist..._patch_preview/
8th April 2005
"...Are corporates (and consumers) baulking at SP2 deployment despite its heavily-touted security benefits? Not so says Gibbons who cites a recent Microsoft survey of 800 firms which found that 77 per cent planned to deploy SP2 in the first half of 2005. "The deployment of SP2 in the home market is even higher. In December 2004, 68 per cent of consumers using XP had installed SP2," she said..."

[AplusWebMaster]

FYI...

Windows XP SP2 Blocker Tool Expires on April 12th
- http://isc.sans.org/...date=2005-04-11
Updated April 12th 2005 06:31 UTC
"The Automatic-Download of Microsoft XP Service Pack 2 may soon happen on your network if your organization has opted out of the original update and does not maintain their own SMS or SUS servers. Read the following articles to make sure you're aware of what this update might mean for your organization.
The Microsoft TechNet - Disabling Delivery of Windows XP Service Pack 2 and a WindowsITPro article.
There has been some light speculation that smaller organizations not running centralized patch management infrastructure such as an SMS or SUS server, and Microsoft XP clients running with default Auto-Update (AU) settings in place which will prompt the downloading of updates including SP2 and then require user involvement might cause some degree of network congestion for organizations having limited network bandwidth..."

- http://www.windowsit...ArticleID=45798

- http://www.microsoft...n/sp2aumng.mspx

[AplusWebMaster]

Ahem! (cough, cough)...

- http://isc.sans.org/...date=2005-04-24
Updated April 25th 2005 05:03 UTC
"...The removal of raw sockets was one of the "features" included in Service Pack 2. Intrepid hackers soon found a way around this feature. The MS05-019 critical security patch closes this loophole. Fyodor, of nmap fame, has a couple of comments on the situation..."

- http://seclists.org/...r-Jun/0000.html
Apr 23 2005
"... Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS..."

[AplusWebMaster]

FYI...

XP SP3 to arrive before Longhorn
- http://www.theinquir.../?article=22947
02 May 2005
"... information was handed out by Steve Ballmer, and the event was Surfa Lugnt, also known as Swedish National Data Security Day. Ballmer allegedly also said that IE7 would have anti-phishing technology built in. No-one really knows what SP3 will contain. It probably can't contain anything huge, since the next wave of upgrades due to be ported back to XP - the Aero UI, the file system and the like - won't be done until Longhorn is done. It seems likely that it will just be IE7 and some security features..."

- http://www.f-secure....eblog/#00000548
Friday, April 29, 2005
XP SP3?
"...Mr. Ballmer made some interesting remarks: Microsoft might indeed ship SP3 for Windows XP before longhorn comes out. Also, upcoming version 7 of Internet Explorer should have anti-phishing technology built-in."

[AplusWebMaster]

"Did you know?..."

- http://www.securityf....com/news/11115
May 9 2005
"...Microsoft revealed on Thursday some details of the company's struggle to develop Service Pack 2, the massive security update released last August to harden Windows XP. Among the revelations: The software giant made more than 400 significant changes to the way Windows XP operates...In all, the software giant changed or removed 428 software features in the operating system to reduce potential vulnerability... Of those design change requests -- referred to internally as DCRs -- 51 were in Internet Explorer and 107 were in the networking functions of Windows XP... A lot of legacy code still remains in Windows XP because the company cannot risk breaking customers' applications... However, the company aims to mitigate the risk of the older code by either continuing to rewrite it, or to only install the code when the user requests the installation..."