Microsoft patched critical Windows bug in XP SP3 early

The appearance and disappearance of a Windows XP installation snafu indicates that Microsoft patched a critical vulnerability in XP's still-unfinished Service Pack 3 (SP3) weeks before it fixed any other version of Windows. The glitch, which sent some PCs into an endless round of reboots, was strangely similar to one faced by Vista users in February. Attackers have already tried to exploit that bug, which was patched last Tuesday -- as it turned out, two weeks after the newest build of Windows XP SP3 was released with the flaw fixed.

According to reports from multiple users on a Microsoft support newsgroup, PCs began rebooting immediately after they had been updated to SP3. "I have just updated my pc from xp sp2 to sp3," said a user identified as "yaojinglin" in a message to a SP3 support forum last Thursday. "The installation was successful, but when I reboot my pc after the installation finished, my pc started to reboot again and again."

On the XP SP3 support threads, a Microsoft representative named Shashank Bansal stepped into the rebooting discussion, which was beginning to seem as endless as the rebooting itself. Bansal asked for more information, then offered an explanation: "This issue happens with 3311 build of XP SP3. It happens because KB948590 stops installation of SP3 version of gdi32.dll on the system due to file-version differences."

View: Full Story @ InfoWorld

Report a problem with article
Previous Story

Microsoft Exec Rages Against Vista Upgrade 'Hack'

Next Story

Windows XP SP3 Release Dates

11 Comments

Commenting is disabled on this article.

(Skyfrog said @ #4)
Why is SP3 taking so long?

Because it will make Microsoft no money Anyone can update XP to the latest patch level, so they have fulfilled their obligation. The people chomping at the bit for XP SP3 are also those very likely to pay for a Vista upgrade! Go figure! :suspicious:

(boho said @ #4.1)

Because it will make Microsoft no money Anyone can update XP to the latest patch level, so they have fulfilled their obligation. The people chomping at the bit for XP SP3 are also those very likely to pay for a Vista upgrade! Go figure! :suspicious:

Ever consider that Microsoft wants to be sure that SP3 won't **** up a billion computers???

No, of course not. A security roll up is ALWAYS about money.

(ahhell said @ #4.2)

Ever consider that Microsoft wants to be sure that SP3 won't **** up a billion computers???

No, of course not. A security roll up is ALWAYS about money.

The problem with that theory is that they had no trouble getting Vista SP1 out in much less time than it's taken SP3 (how long has it been since SP2 came out, over four years?). It's been in the RC stages for ages now it seems. I find it hard to believe that it's taken this long just because they are concerned about it not messing up computers.

This isn't really surprising ... beta software gets updates more frequently than "live" software, since there's less risk.