Microsoft sticks to plan, denies emergency patch for XP SP2

Some had hoped it would bend the rules to fix critical flaw

1 2 Page 2
Page 2 of 2

Earlier in the day, however, Budd had been more forthcoming. "Now that those products are no longer publicly supported, we do not call them out in our security bulletins, and we do not provide support for those products, which means that there is no security update for those products," Budd said during the Webcast, which kicked off at 4 p.m. ET.

An audio recording of the Webcast is available on Microsoft's site.

However, Microsoft confused some customers when the Download Center description for the shortcut bug fix initially listed both Windows XP SP3 and Windows XP SP2 as supported operating systems.

"That's actually an error on the Download Center text, and something that we are addressing as soon as possible," Budd said during the Q&A portion of the Webcast. Microsoft later revised the download's system requirements section by striking the reference to XP SP2.

Because users running Windows XP SP2 will never be offered an update for the shortcut bug -- or for any other future vulnerabilities for that matter -- Microsoft has been urging customers to upgrade to XP SP3 or a newer version such as Windows 7.

Failing that, users who decide to stick with XP SP2 have several options, including doing nothing, implementing the shortcut-disabling workaround that Microsoft first recommended, or installing Sophos' free tool that blocks malicious shortcuts from executing attack code.

The Sophos tool works on Windows XP SP2, but not on Windows 2000.

Minus a patch, workaround or other protection, Windows XP SP2 users will remain vulnerable to current and future exploits. "Users need to work on an upgrade strategy, as without patch support they will become increasingly susceptible to attacks from malware," Kandek said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon