Microsoft Windows XP Service Pack 2 Release Candidate 2
David A. Greenberg
Lead Security Engineer
IT Security Office
Office of the Vice President for Information Technology
Indiana University

Service Pack 2 Goals
• Provide all post SP1 updates and patches
• More regression testing
• Fixing known vulnerabilities not enough
• New and enhanced technology added
  • Network and Memory Protection
  • Safer e-mail handling
  • More secure browsing
  • Additional enhancements

Installation
Two distribution channels
• Windows Update
  • http://v5.windowsupdate.microsoft.com/
• Full Network package
  • Can be extracted using:
    • Xpsp2.exe /U /X:c:\xpsp2
  • update.msi can be used for a group policy deployment of SP2
  • Update\update.exe /S can be used for slipstream

Network Protection
• Alerter and Messenger Service Disabled
• Distributed Component Object Model (DCOM) ACLs expanded

Network Protection
• Remote Procedure Call (RPC) interface eliminates remote anonymous connections
• WebDAV Redirector
• Windows Media Player 9 Series
• Windows Messenger
• Windows Network Setup Wizard

Windows Installer 3.0
• Smaller and more reliable patches
• Not prompted for install media as often
• Improved patch removal ability
• Sequencing
• FTP and GOPHER are no longer supported
• Installer service is no longer interactive

Windows Firewall
• On by default
• Boot time security
• Global configuration
• Local subnet restriction
• Command line support
  • Netsh
• Exceptions List
• No exceptions mode
• Multiple Profiles
  • Domain and non-domain
• Unattended Setup Support
• Group Policy Support

Remote Administration Tools
• Blocked by default from remote locations
  • Computer Management
  • Device Manager
  • Event Viewer
  • Group Policy Management
  • Local Users and Groups
  • Services
  • Shared Folders
  • WMI Control

Memory Protection: Data Execution Prevention
• Memory protection technology
• Memory locations are marked as non-executable and executable.
• Should help prevent or even eliminate buffer overruns.

Safer e-mail handling: Outlook Express
• Plain text mode for reading e-mail
• Behind the scenes security enhancement
• Don’t download external HTML option
• Developer changes to the way attachments are opened

Safer Web Browsing: Internet Explorer
• Download and attachment enhancements
• MIME file type agreement enforcement

Download and attachment enhancements
• Users will see a redesigned pop up box when downloading and installing programs
• Simple and Advanced view

Internet Explorer Information Bar
• Replaces many balloon text and pop up boxes
• Designed to be unobtrusive and less confusing

Pop up blocker
• Enabled by default
• Regardless of settings, pop ups cannot open outside of the visible desktop
• Trusted sites and Local Intranet Zones never block pop ups

Automatic Updates
• More choices, prioritized, consolidated
  • Critical updates (same as pre SP2)
  • Security updates
  • Update roll-ups
  • Service Packs
• Future - Products including
  • Microsoft Office, Microsoft SQL Server

Automatic Updates
• Background Intelligent Transfer Service (BITS) 2.0
  • Less bandwidth needed
  • More configurable than version 1
• Automatic Updates configurable through group policy
• Improved Update Applicability Rules

Windows Update
• Windows Update
  • For components that shipped with the Operating System
• Microsoft Update (planned)
  • Not currently available
  • For all other Microsoft products.
    • SQL, Exchange, Office

Security Center
• Firewall
• Virus Protection
• Automatic Updates
• Controlled through Group Policy in a domain environment

Windows XP SP2
http://www.microsoft.com/SP2Preview
Changes in Functionality in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx
• Network and Memory Protection
• Safer e-mail handling
• More secure browsing
• Additional enhancements