Microsoft issued an update to MS08-024 last night, modifying the Critical bulletin to include systems running Internet Explorer 7 on Windows XP with Service Pack 3. In other Microsoft news, TechNet and MSDN subscribers are spitting fire over the recent announcement about XP SP3’s release date.
XP SP3 gets a security fix early; TechNet subscribers are slightly upset at having to wait. (IMG:J.Anderson)
You can see this as a negative, but adding SP3 to the security bulletins is actually positive. The addition to the affected software list means that Windows XP Service Pack 3 (32 or 64-bit) has its first security fix. It also means that Microsoft is paying attention and being proactive. MS08-024 addresses a remote code execution flaw that exists in Internet Explorer 6 and 7. “The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer,” according to Microsoft. Systems with Internet Explorer 6 running Windows XP SP3 (32 or 64-bit) are not affected, according to the update.
Also updated was MS07-040, issued in 2007. MS07-040 addresses three issues. Two of these issues could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. Windows XP SP3 is not vulnerable if you run .NET version 3.0 with or without .NET SP1.
If you have already installed these updates, and upgrade to SP3 on XP, you are protected.
The release this week of SP3 to OEMs is catching heat because TechNet and MSDN subscribers were left out of the release cycle. They will have to wait until general release to test the update. The news that the SP3 timetable for TechNet and MSDN was pushed up until May 2 enraged some users.
“Why is this even happening? Can they not see that after Vista SP1 there would be an outcry about their serious lack of respect for their subscribers? I can't understand why no-one has even attempted to clarify this and why it is the case. If the code was finished on the 13th and you clearly have RTM builds why can't they be added to the subscriber downloads? Why is it some time in ‘the next month’,” reads one post to the TechNet forums.
In February, Microsoft refused to let MSDN and TechNet subscribers download the Service Pack for Vista, which remains a sore spot for many IT shops that pay to get such early releases.
“This is utter stupidity. Hold back SP3 from those of us who have to support deployments. Have the MSDN/TechNet folks lost their minds or are they drinking the same "Vista is great" Kool-Aid as other MS employees. Release SP3 to MSDN/TechNet PRIOR to the public release or be ready for not XP to Vista migrations in 2009 but us to push for more Mac OS X deployments. I've had it with paying for access to YOUR products to support YOUR customers only to be slapped in the face like this. How did the ones who help support MS products now become the enemy?,” another post read.
Microsoft is remaining silent on the issue.