[ISN] Beta for Windows XP security updates goes out to testers

From: InfoSec News (isn@private)
Date: Fri Dec 19 2003 - 05:47:27 PST

  • Next message: InfoSec News: "[ISN] 1st Ever Cybercrime and Information Security Survey"

    By John Fontana
    Network World Fusion
    True to its promise, Microsoft Thursday delivered the first beta of
    Service Pack 2 for Windows XP.
    The service pack - a finished version of which is scheduled to ship in
    the middle of 2004 - includes a number of updates designed to make the
    operating system more secure. The software was made available through
    the Microsoft Developer Network (MSDN).
    During a Webcast Tuesday, Mike Nash, Microsoft’s corporate vice
    president for the security business unit, said the beta was not
    feature-complete but that he hoped it would generate enough feedback
    from corporate users and developers to help Microsoft clean up and
    finalize the code.
    Microsoft officials are positioning this service pack as a
    representation of the company’s commitment to make its software more
    secure following a number of noteworthy attacks over the past 12
    Key among the features in the service pack are an upgraded and renamed
    Windows Firewall, which is now turned on by default; safer Web
    browsing features including enhancements to Internet Explorer to block
    pop-ups and unintended downloads; memory protection to reduce
    buffer-overflow vulnerabilities; and safer e-mail and instant
    messaging through better protection against malicious attachments and
    Instant Messenger file transfers.
    For corporate users, several of the features of the service pack can
    be centrally administered through Active Directory Group Policy,
    including the firewall and pop-up blocking.
    Other networking enhancements include changes to Remote Procedure Call
    (RPC), which will now run with reduced privileges and not accept
    unauthenticated connections by default, and tighter control over
    permission policies so the Component Object Model can not be exploited
    for network attacks. Also, the Messenger Service, a network
    administration tool that has been used by spammers to send pop-up ads
    to users, will be turned off by default.
    The service pack beta also includes enhancements to Automatic Update
    that will make it easier and faster to download critical updates from
    Windows Update, new security settings for Windows Media Player 9, a
    Bluetooth update to support more wireless products and a new wireless
    LAN client that makes it easier to connect Windows XP to wireless
    Given that the service pack will not be available for deployment for
    more than six months, Microsoft is recommending users make a few
    changes now to help protect themselves, such as turning on the
    firewall in XP and regularly checking for and installing critical
    software updates.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Dec 19 2003 - 08:34:19 PST