Critical Infrastructure Security, Network Security, Patch/Configuration Management, Vulnerability Management

It’s heeere: Windows XP Service Pack 3 released

Microsoft has released what is believed to be the final update for Windows XP, the operating system prior to Vista, but still widely deployed by enterprises and consumers.

A Microsoft spokesperson informed SCMagazineUS.com that yesterdayMicrosoft released Windows XP SP3 to Windows Update and MicrosoftDownload Center.  Microsoft is also resuming automatic distribution ofWindows Vista SP1.

On its downloads site, Microsoft said, "Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. This update also includes a small number of new functionalities, which do not significantly change customers' experience with the operating system."

Many see the release as a minor tidying up. University of Illinois researcher John Bambenek, for example, on the website of the SANS Internet Storm Center, said that for the most part, the release is simply a bundle of all the updates since SP2.

But, he points out that the update affects Internet Explorer (IE) users.

"If you are an IE 6 user, SP3 will simply update your IE 6 installation," he said. "You will continue to be able to upgrade to IE 7 as an option. If you are an IE 7 user, it will update your IE 7 installation. However, you will not be able to go back to IE 6 after applying this service pack."

For those using the latest generation, IE 8 (in beta), an uninstall will be needed before applying the service pack, and then a reinstall of IE 8, Bambenek added.

Another upgrade included in this pack retrofits some Vista functionality into XP, namely in the area of network access protection, black-hole router detection, enhanced security for administrator and service policy entries and a kernel mode crypto driver, he wrote.

Additionally, he said, some of the "optional" updates released since SP2 will be installed with SP3 (MMC 3.0, MXSXML6, WPA2 support, etc.).

When asked why Microsoft is even bothering to release this update, considering that Vista is the newer OS, Windows proponent Paul Thurrott, on his website SuperSite for Windows, which tracks Microsoft releases, cites customer satisfaction with the earlier OS, particularly its relative security, stability and reliability.

"Many businesses will roll out new XP-based PCs in the coming years, and as anyone who's had to update an XP SP2 system can tell you, the 100-plus updates that Microsoft has shipped since SP2 can be a nightmare to deploy," he said.

The release of XP SP3 is also having an impact in the network access control (NAC) sector. Some market researchers point to Microsoft's inclusion of a NAC client in the update as a sure sign that enterprise NAC deployment is certain to grow. This upgrade will allow XP users to deploy NAP (network access protection), Microsoft's NAC-like security technology, using the NAP endpoint-reporting software. NAP is already available in Vista and Server 2008.

Microsoft first postponed the release of XP SP3 in early 2006 until 2007, then once again until this year. Microsoft recently said it delayed the release because of a compatibility problem between its Dynamics Retail Management System, an electronic point-of-sale (POS) system for small- and mid-size retailers, and Windows XP SP3 and Vista SP1.

Regarding the delay in the release of SP3, the Microsoft spokesperson said,
"Following last week's discovery of a compatibility issue between bothWindows XP SP3 and Windows Vista SP1 and Microsoft Dynamics RMS,Microsoft created and deployed a filter on Windows Update that will notoffer either service packs to Microsoft Dynamics RMS customers.  A fixfor this issue is currently in testing at Microsoft and with customersand we hope to make it publicly available this month. Until then,Microsoft is advising Microsoft Dynamics RMS customers to not installeither service pack. Microsoft Dynamics RMS customers running Windows XP SP3 or WindowsVista SP1 should contact Microsoft Customer Support Services foradditional information."



Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.