SAN DIEGO — A second release candidate for Microsoft’s Windows XP
Service Pack 2 (XP SP2) could make its debut here as early as Wednesday if
developers could work out a nasty bug that affects gaming on 64-bit
hardware.
According to people familiar with the matter, beta testers running
games on 64-bit systems reported problems with the hardware-enforced
data execute protection (also known as NX, or no execute) which is
built into SP2 to thwart buffer overflow attack scenarios.
NX uses the CPU to mark all memory locations in an application as
non-executable unless the location explicitly contains executable code
and is seen as a crucial part of the service pack to guard against
Blaster-like virus attacks that have hammered corporate networks in
the past.
Microsoft product manager Tony Goodhew confirmed the NX protection
feature was causing problems for users running SP2 on 64-bit hardware.
“NX protection works to ensure that code can not be executed out of a
data segment. Basically you have to mark the page as executable for
the CPU to allow the code to run. If you try to run code out of a data
segment then an exception will be thrown,” Goodhew wrote on his blog.
“We’re working through how to deal with this so by the time SP2 RTMs
we should have a solution.”
During TechEd technological sessions Monday, the security-focused
goodies in XP SP2 dominated the discussions, with Microsoft providing
an in-depth look at client enhancements provided by the OS update.
The software giant also moved closer to a full release of Windows
Update V5, which features major improvements to the automatic updating
and patching process. A release candidate 2 of the newest Windows
Update also adds a new feature to resume interrupted downloads and a
streamlined user interface.
Microsoft officials believe the last minute SP2 kinks can be worked
out in time for an RC2 release “no later than next week” and a
release to manufacturing launch by the end of July.
As previously
reported XP SP2 will introduce technologies for network
protection, memory protection, e-mail handling, secure browsing and PC
maintenance. It also features a brand-new Windows Security Center that
allows the monitoring of firewalls, Automatic Update and third-party
anti-virus software and warns customers about the need to apply
patches.
Microsoft also used the TechEd spotlight to release a Platform
SDK for SP2 to allow developers to build and test pre-release
applications.
During his opening keynote on Monday, Microsoft CEO Steve Ballmer
talked up the coming service pack as an example of the company’s
commitment to security as its number one priority.
“Look, job one at
Microsoft is security,” Ballmer said. “You can trust from me, from the top of our
company, security is job one. The issues that you’ve been having keeping
these systems up in production through the attacks by these malicious
hackers is really unacceptable.”
Ballmer continued: “There is no immediate solution. We have an installed base of 600
million users. There is no way to snap our fingers — even if we had a
perfect release, we couldn’t snap our fingers together and get them
all migrated to the newest releases. And, in fact, we can’t count ever
on having a perfect release. We may think it’s perfect, but the day we
think it’s perfect and we don’t plan for a bright hacker figuring out
a way around it is a bad day.”
According to Ballmer, XP SP2 is proof of the core
quality and security of Microsoft’s flagship operating system.
“We’re working
on the tools to help you update and apply patches. We’re working on
resiliency and isolation, building layers that help you protect
systems, taking the basic concepts of firewalling and anti-virus to
the next level,” the chief said.