Beta for Windows XP security updates goes out to testers

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2003/1218msbeta.html

By John Fontana
Network World Fusion
12/18/03

True to its promise, Microsoft Thursday delivered the first beta of
Service Pack 2 for Windows XP.

The service pack - a finished version of which is scheduled to ship in
the middle of 2004 - includes a number of updates designed to make the
operating system more secure. The software was made available through
the Microsoft Developer Network (MSDN).

During a Webcast Tuesday, Mike Nash, Microsoft’s corporate vice
president for the security business unit, said the beta was not
feature-complete but that he hoped it would generate enough feedback
from corporate users and developers to help Microsoft clean up and
finalize the code.

Microsoft officials are positioning this service pack as a
representation of the company’s commitment to make its software more
secure following a number of noteworthy attacks over the past 12
months.

Key among the features in the service pack are an upgraded and renamed
Windows Firewall, which is now turned on by default; safer Web
browsing features including enhancements to Internet Explorer to block
pop-ups and unintended downloads; memory protection to reduce
buffer-overflow vulnerabilities; and safer e-mail and instant
messaging through better protection against malicious attachments and
Instant Messenger file transfers.

For corporate users, several of the features of the service pack can
be centrally administered through Active Directory Group Policy,
including the firewall and pop-up blocking.

Other networking enhancements include changes to Remote Procedure Call
(RPC), which will now run with reduced privileges and not accept
unauthenticated connections by default, and tighter control over
permission policies so the Component Object Model can not be exploited
for network attacks. Also, the Messenger Service, a network
administration tool that has been used by spammers to send pop-up ads
to users, will be turned off by default.

The service pack beta also includes enhancements to Automatic Update
that will make it easier and faster to download critical updates from
Windows Update, new security settings for Windows Media Player 9, a
Bluetooth update to support more wireless products and a new wireless
LAN client that makes it easier to connect Windows XP to wireless
hotspots.

Given that the service pack will not be available for deployment for
more than six months, Microsoft is recommending users make a few
changes now to help protect themselves, such as turning on the
firewall in XP and regularly checking for and installing critical
software updates.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.