Re: Do I need XP2.....Some more Brenda...
by John Robie - 10/5/04 8:10 AM
In Reply to: Re: Do I need XP2 by John Robie
reasons to install SP2:
In Windows XP Service Pack 2, Microsoft is introducing a set of security technologies that will help to improve the ability of computers running Windows XP to withstand malicious attacks, especially those from viruses and worms. The technologies include these improvements:
Web browsing security
Together, these security technologies will help to make it more difficult to attack Windows XP, even if the latest updates are not applied.
In addition, this service pack also includes updates designed to improve the performance and stability of several Windows features.
Whats New in This Version
Added new sections: Distributed Transaction Coordinator, Internet Information Services.
Revised sections: Windows Firewall, Setup, Resultant Set of Policy, Windows Update, Internet Explorer Feature Control Settings in Group Policy, Internet Explorer URLAction Security Settings in Group Policy, Internet Explorer MIME Handling Enforcement, Internet Explorer Network Protocol Lockdown, Internet Explorer Local Machine Lockdown.
Overview of Windows XP Service Pack 2 Security Technologies
In Windows XP Service Pack 2, Microsoft is delivering several improved security technologies that help protect customers against malware and other risks to their computer. These technologies are not intended to replace periodic security updates as they are released, but rather to help strengthen Windows XP's overall defenses against malicious attacks.
Network protection. These security technologies help to provide better protection against network-based attacks, like MSBlaster, through a number of innovations, including enhancements to Windows Firewall and a reduced RPC attack surface. These enhancements include turning on Windows Firewall in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy. The attack surface of the Remote Procedure Call (RPC) service is reduced, and you can run RPC objects with reduced credentials. The DCOM infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.
Memory protection. Some attacks by malicious software leverage software security vulnerabilities that allow too much data to be copied into areas of the computers memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components have been recompiled with the most recent version of our compiler technology, which provides added protection against buffer overruns. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced data execution prevention (DEP) on microprocessors that contain the feature. Data execution prevention uses the CPU to mark all memory locations in an application as non-executable, unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory marked for data only, an application or Windows component will not run it.
E-mail handling. Security technologies help to stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that have enhanced security, improved attachment control using the Attachment Execution Service (AES) API. This results in security and reliability enhancements for communications applications such as Microsoft Outlook, Outlook Express and Windows Messenger. As a result, potentially unsafe attachments that are sent through e-mail and instant messages are isolated so that they are less likely to affect other parts of the system.
Browsing security. Security technologies that are delivered in Microsoft Internet Explorer provide improved protection against malicious content on the Web. One enhancement includes locking down the Local Machine zone to help prevent the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX controls and spyware from running on customers systems without their knowledge and consent.
Computer maintenance. A very important part of any security plan is keeping computers updated with the latest software and security updates and understanding the role they play in protecting your computer. Ensuring that you have current knowledge of security attacks and trends is also important. For example, some software updates that mitigated known viruses and worms were available days or weeks before any significant attacks began. New technologies are being added to help the end user stay up-to-date. These technologies include Security Center, which provides a central location for information about the security of your computer, and Windows Installer, which provides more security options for software installation.
Microsoft understands that security technologies are only one aspect of a sound defense-in-depth security strategy. The security technologies outlined here are the next steps being taken in the Trustworthy Computing initiative to make customers systems more resilient to malicious attacks.
The following Microsoft Security Bulletins are included in Service Pack 2.
MS04-025 (867801) - Cumulative Security Update for Internet Explorer
MS04-024 (839645) - Vulnerability in Windows Shell Could Allow Remote Code Execution
MS04-023 (840315) - Vulnerability in HTML Help Could Allow Code Execution
MS04-022 (841873) - Vulnerability in Task Scheduler Could Allow Code Execution
MS04-018 (823353) - Cumulative Security Update for Outlook Express
MS04-016 (839643) - Vulnerability in DirectPlay Could Allow Denial of Service
MS04-015 (840374) - Vulnerability in Help and Support Center Could Allow Remote Code Execution
MS04-014 (837001) - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
MS04-013 (837009) - Cumulative Security Update for Outlook Express
MS04-012 (828741) - Cumulative Update for Microsoft RPC/DCOM
MS04-011 (835732) - Security Update for Microsoft Windows
MS04-007 (828028) - ASN.1 Vulnerability Could Allow Code Execution
MS04-004 (832894) - Cumulative Security Update for Internet Explorer
MS04-003 (832483) - Buffer Overrun in MDAC Function Could Allow Code Execution
MS03-051 (813360) - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution
MS03-049 (828749) - Buffer Overrun in the Workstation Service Could Allow Code Execution
MS03-048 (824145) - Cumulative Security Update for Internet Explorer
MS03-045 (824141) - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
MS03-044 (825119) - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
MS03-043 (828035) - Buffer Overrun in Messenger Service Could Allow Code Execution
MS03-041 (823182) - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
MS03-040 (828750) - Cumulative Patch for Internet Explorer
MS03-039 (824146) - Buffer Overrun in RPCSS Service Could Allow Code Execution
MS03-034 (824105) - Flaw in NetBIOS Could Lead to Information Disclosure
MS03-032 (822925) - Cumulative Patch for Internet Explorer
MS03-030 (819696) - Unchecked Buffer in DirectX Could Enable System Compromise
MS03-027 (821557) - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS03-026 (823980) - Buffer Overrun in RPC Interface Could Allow Code Execution
MS03-024 (817606) - Buffer Overrun in Windows Could Lead to Data Corruption
MS03-023 (823559) - Buffer Overrun in HTML Converter Could Allow Code Execution
MS03-021 (819639) - Flaw in Windows Media Player May Allow Media Library Access
MS03-020 (818529) - Cumulative Patch for Internet Explorer
MS03-018 (811114) - Cumulative Patch for Internet Information Service
MS03-015 (813489) - Cumulative Patch for Internet Explorer
MS03-014 (330994) - Cumulative Patch for Outlook Express
MS03-013 (811493) - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
MS03-010 (331953) - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
MS03-008 (814078) - Flaw in Windows Script Engine Could Allow Code Execution
MS03-007 (815021) - Unchecked Buffer in Windows Component Could Cause Server Compromise
MS03-005 (810577) - Microsoft Security Bulletin MS03-005
MS03-004 (810847) - Cumulative Patch for Internet Explorer
MS03-001 (810833) - Unchecked Buffer in Locator Service Could Lead to Code Execution
MS02-072 (329390) - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS02-071 (328310) - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
MS02-070 (329170) - Flaw in SMB Signing Could Enable Group Policy to be Modified
MS02-068 (324929) - Cumulative Patch for Internet Explorer
MS02-066 (328970) - Cumulative Patch for Internet Explorer
MS02-063 (329834) - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks
MS02-062 (327696) - Cumulative Patch for Internet Information Service
MS02-055 (323255) - Unchecked Buffer in Windows Help Facility Could Enable Code Execution
MS02-050 (Q329115) - Certificate Validation Flaw Could Enable Identity Spoofing
Was this reply helpful? (0) (0)