XP SP2 Goes International

Unfazed by distribution hiccups and noisy security skeptics,
Microsoft is moving full steam ahead with the international
rollout of Windows XP Service Pack 2 (SP2).

One month after English language versions of the service pack shipped
to manufacturers, the software giant released SP2 to manufacturing in
German, Japanese, Korean, simplified Chinese and traditional Chinese.

“[We are] on track to localize the software into 25 different
languages within two months of RTM,” a Microsoft spokesman told
internetnews.com.

Microsoft has been
forced into damage-control mode by warnings from security experts that
potentially serious vulnerabilities remain in the service pack.

Last month, German research firm Heise Security issued
an advisory
for a pair of SP2 flaws with a warning that attackers
could launch malicious files from an untrusted zone. However, Microsoft
insisted the flaw warning was not in conflict with the design goals of
the new protections built into XP SP2.

Last week, a technology news magazine reported results of an internal
test that discovered a “highly critical vulnerability” that would allow
a malicious user to spoof the service pack’s new Windows Security
Center. Again, Microsoft rushed to debunk what it describes as
“misguided press reports” that were causing “undue concern.”

The company explained that the Windows Security Center added to the
Control Panel was not vulnerable. “In order for an attacker to spoof the
Windows Security Center, he or she would have to have local
administrator rights on the computer,” Microsoft said, noting that a
malicious hacker with admin access could pursue far more serious attacks
than just spoofing the Security Center.

“In Windows XP SP2, we have added functionality to reduce the
likelihood of unknown applications from running on the user’s system,
including turning Windows Firewall on by default, Data Execution
Prevention and Attachment Manager in Outlook Express, to name a few,”
the company added.

The spokesman said it was “simply unrealistic” to expect SP2 to
represent a permanent security solution and maintained that the service
pack contains “a number of significant security technologies and
behavior changes that help thwart attacks.”

Despite those hiccups and a modification
of its internal delivery schedule for XP Pro users, Microsoft said it
was pleased with the distribution so far.

“We have pushed SP2 out to
millions of customers [and] are steadily increasing Automatic Update
distribution. [We] have now begun pushing out SP2 to Windows XP Pro
customers,” the spokesman said.

Users having problems downloading the service pack can order
a free CD
with the update. The service pack on a CD is available for
Windows XP Home Edition, Professional, Media Center Edition, or Tablet
PC Edition.

“New machines preloaded with SP2 should begin arriving in the channel
in the September/October time frame,” said the spokesman. “The exact time it takes for SP2
machines to be available will vary from OEM to OEM.”

News Around the Web