FYI...

Microsoft: SP2 download flaw is social engineering
- http://software.silicon.com/security/print.htm?TYPE=story&AT=39126081-39024655t-40000024c
November 23, 2004
"Microsoft has said it will take "appropriate action" to fix a problem in Internet Explorer and Windows XP SP2 that allows a malicious website to bypass the browser's warnings about downloading potentially harmful content. The problem was first reported to Microsoft on 15 November by security company Finjan. At the time, Microsoft said Finjan's security advisory was "misleading and possibly erroneous". On Monday, French website K-otik published exploit codes that could take advantage of the same vulnerability.

On Tuesday, a Microsoft spokesperson said that the company still believes the claims are misleading because "significant user interaction and user interface steps have to occur before any malicious code can be executed". However, the software giant did admit that it was possible to bypass the security warnings in IE - even when using Windows XP with Service Pack 2..."

FYI...

Critical Update for Windows XP/SP2...New XPSP2 Firewall Patch...
- http://isc.sans.org/diary.php?date=2004-12-15
Updated December 15th 2004 21:42 UTC
"Several diary readers sent e-mail letting us know of a new (critical) patch to the XPSP2 firewall that was not mentioned in yesterday's patch release.
"After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

- Oops.-

Details can be found at http://support.microsoft.com/kb/886185 ..."
APPLIES TO
• Microsoft Windows XP Home Edition Service Pack 2 (SP2)
• Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Tablet PC Edition 2005
• Microsoft Windows XP Media Center Edition Service Pack 2 (SP2)

to any one useing sp2 i recomend that they use a real fire wall!! not sp2,s built in one way holy one!
If you are not using a software based firewall, get one. ZoneAlarm from /downloads-file-42.html is a favorite - and again, there is a free version. Some prefer the free Sygate Personal Firewall from http://www.uant.net/firewall/sygateguide.html

Happy New Year!

With all that's been done and said on the XP/SP2 install, the stats are that a full 25% -will- have serious problems: http://isc.sans.org/xpsp2.php

So, if you haven't done it yet, plan on "doing your homework" first, read the tips in this thread (and the ISC link above), then cross your fingers and do it. Good luck - we'd all "...rather be lucky than good, anytime".

i got it installed on my computer but three programs did ot work under sp2 my other 300+ did but my system was spyware and problem fre before installing service pack 2 you will need an absolute clean problem free system before doing this.

FYI...

- http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx
Updated: January 17, 2005
"...Please note that the mechanism to temporarily disable delivery of Windows XP SP2 is only available for a period of 240 days (8 months) from August 16, 2004. At the end of this period (after April 12, 2005), Windows XP SP2 will be delivered to all Windows XP and Windows XP Service Pack 1 systems..."

FYI...

Drop In Bots Due To Windows XP SP2, Says Symantec
- http://www.techweb.com/wire/security/159903590
March 21, 2005
"Microsoft's rollout of Windows XP SP2 in August 2004 was the most likely reason the number of bots actively involved in scanning dropped precipitously in the second half of 2004, said Symantec in a report the security company released Monday...While Symantec tracked an average of 30,000 machines daily that were actively involved in botnet scanning during the first half of 2004, the number plummeted to just 5,000 per day in the second. The bulk of the drop occurred mid-August, said Symantec, with a significant drop on August 19. "The timing of this drop corresponds closely with the availability of Windows XP Service Pack 2," said the report. Microsoft officially launched SP2 August 6, 2004, and rolled it out in stages throughout that month. Symantec said the decrease was largely due to a fall-off in the number of bots scanning TCP ports 135 and 445; many bot exploits, including the nefarious Gaobot, target vulnerabilities accessible through these Windows ports to infect new machines..."

.

FYI...

Another reason to upgrade XP to SP2
- http://isc.sans.org/diary.php?date=2005-03-28
Updated March 28th 2005 17:54 UTC
"...Vulnerability announced in XPSP1 that would allow a remote (authenticated) non-administrative attacker to shut down an XPSP1 system running remote desktop. Details are available at:

Non-administrative users can remotely shut down a WinXP SP1 based computer by using the TSShutdn.exe command
- http://support.microsoft.com/kb/889323/
SYMPTOMS
A non-administrative user can remotely shut down a Microsoft Windows XP Service Pack 1 (SP1)-based computer by using the TSShutdn.exe command.
CAUSE
This problem occurs because the Remote Desktop does not check the Force shutdown from a remote system user right.
...A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows XP service pack that contains this hotfix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix..."

FYI...

Business Adoption Of Windows XP SP2 Still Low
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=160403344
April 4, 2005
"Business adoption of Microsoft's Windows XP Service Pack 2 operating-system upgrade remains low, according to the results of a survey released Monday by AssetMetrix Inc., a vendor that helps companies analyze their computing infrastructures. The survey of 136,000 PCs at 251 companies in North America found that Windows XP SP2 had been deployed on only about 9% of those computers. Modest uptake of SP2 might be expected in the broad context of Windows computing environments because many companies continue to use Windows 2000, Windows 98, and earlier versions of Microsoft's operating system. Yet, SP2 adoption was moderate even among companies that have deployed Windows XP, with only 24% of Windows XP machines upgraded to SP2 at the companies surveyed..."

EDIT/ADD:
- http://www.theregister.com/2005/04/04/sp2_survey/
4th April 2005
"...Users still reluctant to deploy XP SP2...will have to stop using automatic updates after 12 April but that creates a number of possible issues, including possible incompatibilities with future products such as Internet Explorer 7, or a potential support gap when Microsoft support for Windows XP Service Pack 1 is withdrawn in September 2006."

FYI...

- http://www.theregister.com/2005/04/08/ms_april_patch_preview/
8th April 2005
"...Are corporates (and consumers) baulking at SP2 deployment despite its heavily-touted security benefits? Not so says Gibbons who cites a recent Microsoft survey of 800 firms which found that 77 per cent planned to deploy SP2 in the first half of 2005. "The deployment of SP2 in the home market is even higher. In December 2004, 68 per cent of consumers using XP had installed SP2," she said..."

FYI...

Windows XP SP2 Blocker Tool Expires on April 12th
- http://isc.sans.org/diary.php?date=2005-04-11
Updated April 12th 2005 06:31 UTC
"The Automatic-Download of Microsoft XP Service Pack 2 may soon happen on your network if your organization has opted out of the original update and does not maintain their own SMS or SUS servers. Read the following articles to make sure you're aware of what this update might mean for your organization.
The Microsoft TechNet - Disabling Delivery of Windows XP Service Pack 2 and a WindowsITPro article.
There has been some light speculation that smaller organizations not running centralized patch management infrastructure such as an SMS or SUS server, and Microsoft XP clients running with default Auto-Update (AU) settings in place which will prompt the downloading of updates including SP2 and then require user involvement might cause some degree of network congestion for organizations having limited network bandwidth..."

- http://www.windowsitpro.com/Articles/Print.cfm?ArticleID=45798

- http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx

Ahem! (cough, cough)...

- http://isc.sans.org/diary.php?date=2005-04-24
Updated April 25th 2005 05:03 UTC
"...The removal of raw sockets was one of the "features" included in Service Pack 2. Intrepid hackers soon found a way around this feature. The MS05-019 critical security patch closes this loophole. Fyodor, of nmap fame, has a couple of comments on the situation..."

- http://seclists.org/lists/nmap-hackers/2005/Apr-Jun/0000.html
Apr 23 2005
"... Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS..."

FYI...

XP SP3 to arrive before Longhorn
- http://www.theinquirer.net/?article=22947
02 May 2005
"... information was handed out by Steve Ballmer, and the event was Surfa Lugnt, also known as Swedish National Data Security Day. Ballmer allegedly also said that IE7 would have anti-phishing technology built in. No-one really knows what SP3 will contain. It probably can't contain anything huge, since the next wave of upgrades due to be ported back to XP - the Aero UI, the file system and the like - won't be done until Longhorn is done. It seems likely that it will just be IE7 and some security features..."

- http://www.f-secure.com/weblog/#00000548
Friday, April 29, 2005
XP SP3?
"...Mr. Ballmer made some interesting remarks: Microsoft might indeed ship SP3 for Windows XP before longhorn comes out. Also, upcoming version 7 of Internet Explorer should have anti-phishing technology built-in."

"Did you know?..."

- http://www.securityfocus.com/news/11115
May 9 2005
"...Microsoft revealed on Thursday some details of the company's struggle to develop Service Pack 2, the massive security update released last August to harden Windows XP. Among the revelations: The software giant made more than 400 significant changes to the way Windows XP operates...In all, the software giant changed or removed 428 software features in the operating system to reduce potential vulnerability... Of those design change requests -- referred to internally as DCRs -- 51 were in Internet Explorer and 107 were in the networking functions of Windows XP... A lot of legacy code still remains in Windows XP because the company cannot risk breaking customers' applications... However, the company aims to mitigate the risk of the older code by either continuing to rewrite it, or to only install the code when the user requests the installation..."