Microsoft Patches the Patch

More fixes on the way.

Huh. Interesting.

I've had SP2 on this computer for over a week now and no problems here *knock on computer desk* The pop up blocker works great. My cable connection works fine even behind my router AND the firewall. And it's survived my two sons as well...*LOL*

When is SP3 coming out?

When is SP3 coming out?

2009.

The Microsoft support folks got a week of training on dealing with patch problems before it was released.

My company looked at it and decided they'd need some time to come up with fixes of their own before giving the patch to us so it wouldn't bust half our applications in the meantime.

SNAFU

This looks like a good place for some penguins - before Bush2000 tells all of these people how this broken patch is actually a new feature.

My company said the same thing. They also said that they may never install it, as IT may be able to fix the problems better themselves.

I'm still running 2000 Pro at work, and I'm happy with it. I tell IT, please don't make me upgrade to something that doesn't run any better, just because there is a new toy on the blocck.

I liked NT 4.0, for that matter.

I look at these MS "fixup" threads and shake my head in amazement with what people put up with. Slack or die.

This looks like a good place for some penguins - before Bush2000 tells all of these people how this broken patch is actually a new feature.

Don't worry. He's busy suing all those open source patent infringers.

This was to be expected. Glad I've got Auto Updates disabled otherwise they'll be patches downloading continuously the way it's going with this SP2.

SP2 Stuff....

Microsoft Patches the Patch

Windows XP Service Pack 2 gets a 'hotfix' for VPNs, part of the never-ending process of software development.

Stuart J. Johnston, special to PC World
Thursday, August 19, 2004

Microsoft is only partway into delivering the long-awaited Service Pack 2 for Windows XP to users, yet it has already begun releasing fixes for problems that the mammoth update can cause, however inadvertently. The company has issued what is likely the first of several "hotfix" patches, which developers and analysts say are just a fact of PC life.

"Writing software is a complicated endeavor done by humans, [and] we don't see SP2 as the be-all and end-all, that there will no longer be a need for future patches," says Rob Enderle, principal analyst for technology analysis firm The Enderle Group.

So if you're looking for Windows XP SP2 to solve all present and future problems, keep dreaming. Meanwhile, though, only a tiny fraction of Windows XP users will need to get the new hotfix, released earlier this week not long after SP2 became available. A hotfix is a patch that addresses a specific problem, usually for only one or a few customers, and is not generally distributed to the vast majority of users.

Fixing a Glitch
This first hotfix for Windows XP SP2 patches a problem that SP2 creates for some users of virtual private networks, telecommunications software that is generally used to let workers connect securely--usually to a corporate computer--from a remote location such as home or the road.

The good news is that very few users actually need this patch, according to Ryan Burkhardt, lead program manager for Windows XP SP2 at Microsoft. Additionally, most, if not all, affected VPN users will get the hotfix through their employer's IT department.

Its release, especially so soon after the service pack's rollout, is a reminder that no software is ever perfect, and over time it will need to be patched repeatedly. In addition, because of the popularity of Windows, many people--both crackers and legitimate security researchers--are constantly searching for as yet undiscovered security flaws that can be exploited.

For instance, earlier this week German Internet security portal Heise Security published a security bulletin describing two holes in SP2.

Are they actually bugs? That's still in question, because Microsoft usually does not acknowledge previously unknown security flaws until it has tested and verified the problems and is ready to patch them.

Serving Customers
Security has been a dominant focus, as well as a major source of pain, for the software giant over the past few years, particularly as the world moved onto the Web. Microsoft has touted SP2 for nearly a year as a heavyweight advance in securing users' PCs from attack.

However, Microsoft execs like to say that their toughest competition is the huge installed base of previous versions of its own products. Despite all the focus on Windows XP, that statement is quite true.

Last January, Microsoft buckled under user demands and agreed to continue to provide patches rated "critical" on its four-tier severity rating scale for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. The company extended the support a year and a half beyond its intended expiration, until June 30, 2006.

But although Microsoft has been diligent about patching its more recent Windows versions since that announcement, its developers have lagged in posting patches for Windows 98 and Me users. Two recently announced security holes have not yet been patched for those older systems. One patch, MS04-023, is five weeks behind the Windows XP equivalent, while a second patch, MS04-025, is nearly three weeks late.

A Microsoft spokesperson reaffirmed promises that the company will continue to release critical updates for Windows 98, 98 SE, and Me, but declined to commit to a timeframe. Nor would the spokesperson say whether patches might arrive at the same time as patches for newer Windows versions. She also declined to comment on why the patches for the older operating systems are running behind--although it's likely Microsoft's developers have been focused on deploying XP SP2 and quickly patching any consequent bugs.

Harder to Reach
If you use Windows 98, 98 SE, or Me, however, you're far from alone. More than 40 million PC users worldwide still run the older operating systems, says research firm IDC. And Microsoft CEO Steve Ballmer recently said an estimated 650 million PCs are in use globally, which would mean that roughly 1 in 16 users still has one of those older systems.

Luckily, say analysts, many of those users of aging software are not connected to the Internet. Many who are online use only dial-up connections, so they are likely to spend less time online and are at smaller risk of attack than business or home users with broadband connections.

Nevertheless, Microsoft has an admitted responsibility to keep protecting those customers, industry watchers say.

"It's still a large number of people who potentially are impacted," says Dan Kusnetzky, vice president of system software research at IDC.

Related Topics: Windows Bugs: http://www.pcworld.com/resource/browse/0,cat,1223,sortIdx,1,00.asp

Well, that's good news. We'll have to see what happens. I imagine some will still take a wait and see before deciding whether or not to install XP SP 2.