microsoft
Report a problem

Microsoft patched critical Windows bug in XP SP3 early

Steven Parker   on 15 April 2008 - 10:48 · 11 comments & 9255 views

Advertisement (Why?)
The appearance and disappearance of a Windows XP installation snafu indicates that Microsoft patched a critical vulnerability in XP's still-unfinished Service Pack 3 (SP3) weeks before it fixed any other version of Windows. The glitch, which sent some PCs into an endless round of reboots, was strangely similar to one faced by Vista users in February. Attackers have already tried to exploit that bug, which was patched last Tuesday -- as it turned out, two weeks after the newest build of Windows XP SP3 was released with the flaw fixed.

According to reports from multiple users on a Microsoft support newsgroup, PCs began rebooting immediately after they had been updated to SP3. "I have just updated my pc from xp sp2 to sp3," said a user identified as "yaojinglin" in a message to a SP3 support forum last Thursday. "The installation was successful, but when I reboot my pc after the installation finished, my pc started to reboot again and again."

On the XP SP3 support threads, a Microsoft representative named Shashank Bansal stepped into the rebooting discussion, which was beginning to seem as endless as the rebooting itself. Bansal asked for more information, then offered an explanation: "This issue happens with 3311 build of XP SP3. It happens because KB948590 stops installation of SP3 version of gdi32.dll on the system due to file-version differences."

View: Full Story @ InfoWorld

Post a comment · Send to friend Comments · There are 11 additional comments
#1 Ficman on 15 Apr 2008 - 11:04
Well let's hope we see SP3 sometime soon then...
#2 +Kirkburn on 15 Apr 2008 - 11:05
This isn't really surprising ... beta software gets updates more frequently than "live" software, since there's less risk.
(1 reply) #3 m-p{3} on 15 Apr 2008 - 11:53
I prefer they update it right now than post-SP3.
#3.1 buletov on 15 Apr 2008 - 12:16
Indeed.
(3 replies) #4 Skyfrog on 15 Apr 2008 - 12:40
Why is SP3 taking so long?
#4.1 boho on 15 Apr 2008 - 12:57
(Skyfrog said @ #4)
Why is SP3 taking so long?


Because it will make Microsoft no money Anyone can update XP to the latest patch level, so they have fulfilled their obligation. The people chomping at the bit for XP SP3 are also those very likely to pay for a Vista upgrade! Go figure!
#4.2 ahhell on 15 Apr 2008 - 13:01
(boho said @ #4.1)
(Skyfrog said @ #4)
Why is SP3 taking so long?


Because it will make Microsoft no money Anyone can update XP to the latest patch level, so they have fulfilled their obligation. The people chomping at the bit for XP SP3 are also those very likely to pay for a Vista upgrade! Go figure!




Ever consider that Microsoft wants to be sure that SP3 won't **** up a billion computers???

No, of course not. A security roll up is ALWAYS about money.
#4.3 Skyfrog on 15 Apr 2008 - 17:59
(ahhell said @ #4.2)
(boho said @ #4.1)
(Skyfrog said @ #4)
Why is SP3 taking so long?


Because it will make Microsoft no money Anyone can update XP to the latest patch level, so they have fulfilled their obligation. The people chomping at the bit for XP SP3 are also those very likely to pay for a Vista upgrade! Go figure!




Ever consider that Microsoft wants to be sure that SP3 won't **** up a billion computers???

No, of course not. A security roll up is ALWAYS about money.


The problem with that theory is that they had no trouble getting Vista SP1 out in much less time than it's taken SP3 (how long has it been since SP2 came out, over four years?). It's been in the RC stages for ages now it seems. I find it hard to believe that it's taken this long just because they are concerned about it not messing up computers.
#5 jingarelho on 15 Apr 2008 - 13:13
if SP3 **** up a billion computers they will tell you that the best choice would be upgrade to VISTA
(1 reply) #6 toadeater on 16 Apr 2008 - 01:14
Another day, another Windows critical vulnerability.
#6.1 GreyWolfSC on 16 Apr 2008 - 02:13
(toadeater said @ #6)
Another day, another Windows critical vulnerability.


Meanwhile, Secunia reports open vulnerabilities:
Windows XP has 208: http://secunia.com/product/22/
Linux kernel 2.6.x has 143: http://secunia.com/product/2719/
OSX has 116: http://secunia.com/product/96/
Vista has 29: http://secunia.com/product/13223/
OS9 has 1: http://secunia.com/product/832/

What exactly is your point? "Another day, another Windows critical vulnerability for each four OSX ones?"

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)