FYI...

MS Issues First SP2 Patch...for VPN users...
- http://www.techweb.com/article/printableArticle.jhtml?articleID=47902349&site_section=700028
September 23, 2004
"Microsoft has posted its first fix for Windows XP Service Pack 2 (SP2), the massive update that went out to users last month. The update fixes a flaw discovered almost immediately after SP2's release in August that affected users of virtual private networks (VPNs). A temporary fix was released shortly after that, but the most recent is considered a permanent patch by Microsoft. The update to SP2, said the Redmond, Wash.-based developer, fixes the problem the OS had when programs connected to a loopback address other than 127.0.0.1. SP2 blocks all IP addresses in the loopback address range except for 127.0.0.1, and drops an error message on the user.

The patch to SP2 was not listed in the normal location on Microsoft's Web site -- its Security center -- but instead was tucked into the Download section."

>>> http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en
"...Overview
This update helps resolve an issue on computers running Windows XP Service Pack 2. Programs that connect to IP addresses in the loopback address range may not work as expected and you may receive an error message indicating you cannot establish a connection..."

FYI...

MS Previews Embedded XP SP2
- http://www.techweb.com/article/printableArticle.jhtml?articleID=49400465&site_section=700027
October 04, 2004
"Figuring to entice developers building on hardware that requires an embedded OS, Microsoft on Monday released a free preview of Windows XP that's designed for use on thin clients, kiosks, and other non-PC hardware. Saddled with the moniker of Windows XP Embedded with Service Pack 2, the new OS features the same security enhancements found in the client version of SP2, said Microsoft...Among the tools in SP2 that Horn touted for embedded developers were the integrated firewall -- now enabled by default -- support for Bluetooth networking, and a new quick-boot feature that reduces startup and shutdown times..."
>>> http://msdn.microsoft.com/embedded/getstart/prodoverview/future/techpreview/xptechpreview/default.aspx?print=true

--------------------------

Additionally, as of date/time of this post, with 2186 entries, (now up to) 23% of respondants had serious trouble: http://isc.sans.org/xpsp2.php?

.

FYI...

(PC World) Is XP's Fix Safe?
- http://www.pcworld.com/resource/printable/article/0,aid,117990,00.asp
October 06, 2004
"Windows XP Service Pack 2 promises to protect you from the most pervasive worm attacks, stop pop-up ads, and tighten security in Windows' Achilles' heel, Internet Explorer. But given the problems many users experienced with XP's first service pack, some people have been waiting to hear whether this update is more likely to hurt than help. The news is mostly positive: With SP2 finally making its way onto millions of computers, early reports suggest that the upgrade has gone smoothly for the majority of those who have installed it. But for at least a significant number of people, SP2 has spelled trouble, triggering software conflicts, system slowdowns, network outages, and in some cases boot failures. Blame for the difficulties (some of which are still emerging) may rest with software and hardware vendors, or with Microsoft itself. But regardless of who's at fault, if you were hoping that the decision to install SP2 would be easy, think again..."

(Also has an excellent list of links to "SP2 Online Resources", though some have already been posted in this thread)

.

FYI...from the PC World article:

Get the Latest...from Your PC Manufacturer -Before- Installing WinXP/SP2
>>> http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx?pf=true
(List last Updated: September 8, 2004)

Nice job, AplusWebMaster. I've seen you in The Tavern I believe, but hardly bump into you elsewhere. I even came to be here almost by accident now.
I'm still having a rough time figuring out your stance re: M$, but it's good to see someone doing their homework concerning the fixes and the fixes for the fixes.
Knowing of the growing feud between Mozilla and M$, I followed your website link to try to order the XP SP2 CD for a second time, using the FireFox browser which is now the default on my main machine.
I received a security warning about the certificate possibly not being from Microsoft. Is this somehow related to the download being buried as I saw mentioned on your site? Or more to do with the aforementioned feud?
Not really knowing what to do, I resorted to starting IE and finishing my order.

I'll be back.
CFC

i ordered and recived my service pack two cd,s useing firefox? i did click except the ms certs this time only lol

FYI...

- http://www.us-cert.gov/cas/bulletins/SB04-294.html#windowsXP
SecurityFocus Bugtraq ID, 11410, October 13, 2004
Risk: Medium
"A default configuration vulnerability exists that may allow malicious users to create a listening port to provide remote access to a vulnerable computer. This is due to a weakness in the Internet Connection Firewall (ICF).

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published...

Vendor & Software Name:
Microsoft
Windows XP Home SP2
Windows XP Media Center Edition SP2
Windows XP Professional SP2..."

FYI...

WinXP SP2 Adoption Slow In Enterprise, Picks Up In SMB
Most sites continue to delay at 90-day milestone
- http://www.crn.com/showArticle.jhtml?articleId=51202859&printableArticle=true
Nov. 04, 2004
"Three months after the debut of Windows XP SP2, most enterprises continue to delay deployments of the code -- yet activity in the SMB market is beginning to pick up. ISVs and partners say large corporations are postponing the second Windows service pack because of application compatibility problems and the extensive amount of testing necessary. What's more, large companies can do without SP2 for some time since they already have enterprise-level firewalls and other security applications, observers say. Gartner Group, for example, advises customers to wait until new No Execute (NX) processors ship in 2005. "A lot of customers are holding off," said Todd Swank, Director of Marketing for Northern Computer Technologies, Burnsville, Minn. "This is bigger than a service pack and some people say it's like a brand new operating system." ISVs in the desktop management space concur.
"We've made greater inroads into small and midsize organizations, but no one with 500 seats and above is going to deploy now, "said Brian Styles, CTO of ScriptLogic, an ISV whose Desktop Authority 6.0 application assists in Windows desktop deployments and management. "The bigger the organization, the slower the approach will be. The resellers that handle smaller accounts, like 100 and 200 users, are more aggressive with the rollout of SP2 because there's less risk..."

Thanks for responding.

I get them all the time too. If it is not something important, I've taken to canceling the download in todays internet. I've taken too many chances as it is already, and some of the legitimate ones are just as bad it seems.
It is just that it seems ironic that many malware freeware apps fall into this category, and Microsoft does it's best to keep the competition at bay! I sent several apps via email, including "Shoot The Messenger" which MSN and Hotmail reported as having viruses and blocked the attachments!

_________________

FYI...

Ten SP2 flaws leave XP users open to hackers
- http://www.vnunet.com/news/1159322
11 Nov 2004
"Security researchers claimed today that millions of Microsoft customers are at risk from 10 serious security vulnerabilities uncovered in Windows XP patched with Service Pack 2 (SP2). By exploiting all the vulnerabilities discovered in SP2 by security firm Finjan, attackers could "silently and remotely" take over an SP2 machine when the user simply browses a web page. Finjan claimed that hackers could also switch between Internet Explorer security zones to obtain rights of local zone Internet Explorer users. This could make it possible to elevate the privilege level of mobile code downloaded from the internet, thereby allowing the remote code to read, write and execute files on the user's hard drive.

According to Finjan, hackers could also bypass XP SP2's notification mechanism on the download and execution of .exe files, and therefore download files without any warning or notification. Finjan's Malicious Code Research Center, which claims to have identified the flaws, has provided Microsoft with full technical details and has been assisting the software giant to patch the holes.

Although it warned users about the alleged flaws, the security firm refused to provide specific details. "In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft," it stated. Shlomo Touboul, chief executive and founder of Finjan Software, added: "The recently released XP SP2 operating system offers certain security features. "However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security."
> http://www.finjan.com/SecurityLab/

Additional info on the potential XP/SP2 vulns discovery from Finjan:

- http://www.finjan.com/company/NewsRoom/press_show.asp?press_release_id=165
SAN JOSE,CA Nov 10, 2004
"...Windows XP SP2 operating system is a continuation of the same Windows XP Operating System and Windows Kernel. All Windows versions have been developed with requirements for highest backward compatibility and open architecture, with maximum productivity and ease of use. In addition, Windows applications typically run with administrative permission with full and unlimited access to computer resources.

This, together with the emerging technology of mobile code has created a situation in which active content travels freely over the web and gains full control of host computers. These fundamentals create a green field for hackers shown by constantly increasing attacks and damage over the last few years. A security patch of Windows operating system without changing the rules of the game will not be enough to fight the recent complex malicious code attacks such as Scob, Mydoom, and others. End users and Enterprises must add an independent security layer that is not dependent on the above fundamentals..."

FYI...

Troubleshooting Windows Firewall in MS Windows XP SP 2
- http://www.microsoft.com/downloads/details.aspx?FamilyID=a7628646-131d-4617-bf68-f0532d8db131&DisplayLang=en
File Name: WF_Tshoot.doc
Download Size: 297 KB
Date Published: 11/11/2004
Version: 1.3
"This article describes how Windows Firewall works, the common problems with using Windows Firewall, and the set of tools used to troubleshoot Windows Firewall issues."

FYI...

You receive the Stop error "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" in WinXP SP2 or Windows Server 2003
- http://support.microsoft.com/kb/887742
"This update addresses an issue in Windows XP Service Pack 2 that could cause the system to stop responding if certain TDI filter drivers, such as anti-virus software, are installed.
Article ID: 887742
Last Review: November 22, 2004
Revision: 1.0

Update for Windows XP (KB887742)
- http://www.microsoft.com/downloads/details.aspx?amp;amp;displaylang=en&familyid=d96edb1c-79f0-443b-ac96-8b5dca23f395&displaylang=en
File Name: WindowsXP-KB887742-x86-ENU.exe
Download Size: 447 KB
Date Published: 11/22/2004
Version: 887742

Windows Server 2003
There is no hotfix or update currently available to resolve this problem in Windows Server 2003..."