RealTime IT News

Windows XP SP2 Inches Closer

SAN DIEGO -- A second release candidate for Microsoft's Windows XP Service Pack 2 (XP SP2) could make its debut here as early as Wednesday if developers could work out a nasty bug that affects gaming on 64-bit hardware.

According to people familiar with the matter, beta testers running games on 64-bit systems reported problems with the hardware-enforced data execute protection (also known as NX, or no execute) which is built into SP2 to thwart buffer overflow attack scenarios.

NX uses the CPU to mark all memory locations in an application as non-executable unless the location explicitly contains executable code and is seen as a crucial part of the service pack to guard against Blaster-like virus attacks that have hammered corporate networks in the past.

Microsoft product manager Tony Goodhew confirmed the NX protection feature was causing problems for users running SP2 on 64-bit hardware.

"NX protection works to ensure that code can not be executed out of a data segment. Basically you have to mark the page as executable for the CPU to allow the code to run. If you try to run code out of a data segment then an exception will be thrown," Goodhew wrote on his blog. "We're working through how to deal with this so by the time SP2 RTMs we should have a solution."

During TechEd technological sessions Monday, the security-focused goodies in XP SP2 dominated the discussions, with Microsoft providing an in-depth look at client enhancements provided by the OS update.

The software giant also moved closer to a full release of Windows Update V5, which features major improvements to the automatic updating and patching process. A release candidate 2 of the newest Windows Update also adds a new feature to resume interrupted downloads and a streamlined user interface.

Microsoft officials believe the last minute SP2 kinks can be worked out in time for an RC2 release "no later than next week" and a release to manufacturing launch by the end of July.

As previously reported XP SP2 will introduce technologies for network protection, memory protection, e-mail handling, secure browsing and PC maintenance. It also features a brand-new Windows Security Center that allows the monitoring of firewalls, Automatic Update and third-party anti-virus software and warns customers about the need to apply patches.

Microsoft also used the TechEd spotlight to release a Platform SDK for SP2 to allow developers to build and test pre-release applications.

During his opening keynote on Monday, Microsoft CEO Steve Ballmer talked up the coming service pack as an example of the company's commitment to security as its number one priority.

"Look, job one at Microsoft is security," Ballmer said. "You can trust from me, from the top of our company, security is job one. The issues that you've been having keeping these systems up in production through the attacks by these malicious hackers is really unacceptable."

Ballmer continued: "There is no immediate solution. We have an installed base of 600 million users. There is no way to snap our fingers -- even if we had a perfect release, we couldn't snap our fingers together and get them all migrated to the newest releases. And, in fact, we can't count ever on having a perfect release. We may think it's perfect, but the day we think it's perfect and we don't plan for a bright hacker figuring out a way around it is a bad day."

According to Ballmer, XP SP2 is proof of the core quality and security of Microsoft's flagship operating system.

"We're working on the tools to help you update and apply patches. We're working on resiliency and isolation, building layers that help you protect systems, taking the basic concepts of firewalling and anti-virus to the next level," the chief said.