Microsoft Corp. is flatly denying what it calls "misguided reports" of a flaw in its new Windows XP Service Pack 2 upgrade that exposes security information to hackers. The flaw, announced in trade publications last week, allegedly affects the new Windows Security Center, a kind of dashboard for Windows users to monitor security settings. They said a coding defect in the Windows Management Instrumentation database - which the Security Center mines for information - allows hackers to manipulate the dashboard's display. But Friday, the Redmond, Wash.-based software giant acknowledged another SP2 snafu that prevents the upgrade from working with computers operating 64-bit microprocessors made by Advanced Micro Devices and suggested delaying SP2's installation in those machines until the matter can be addressed. With the defect reported Wednesday, hackers could turn the computer into a "zombie" for spam or virus distribution or sift it for private information, without detection, the trade publications said. Microsoft first responded to the allegation by saying only that its technicians were investigating the matter. Then it issued a statement disputing the trades' claim as ill-informed. Any security compromise in this instance, Microsoft said, likely would be the fault of the computer user, not the software. "In order for an attacker to spoof the Windows Security Center, he or she would have to have local administrator rights on the computer," Microsoft said in its statement, informs STLtoday. According to PCWorld, Windows XP is a safe and secure operating system. Really, it is--as long as you don't connect it to the Internet. To be fair, other operating systems, including Linux and Mac OS X, are vulnerable to online attacks, too. But Windows gets more attention, and hackers were quick to discover serious flaws in the OS that made possible the Blaster and Sasser worms, along with a legion of other exploits. Trying to make Windows more secure, Microsoft released Windows XP Service Pack 1 in 2003, and Service Pack 2 recently. Whereas SP1 focused on remedying antitrust violations with bundled Windows utilities, almost all of SP2 is devoted to beefing up Internet security. SP2 doesn't thoroughly shield you from attacks, but it's definitely worth installing for its firewall improvements, Internet Explorer pop-up blocking, and security-configuration changes. Once you've installed it, you'll probably want to tweak some of SP2's new settings, and to know where--tweaked or not--the reinforced OS remains vulnerable. SP2's most noticeable change to Windows XP is its introduction of a new Security Center Control Panel applet (see FIGURE 1). Security Center itself doesn't do much, but it provides a single location where you can view the status of the Windows Firewall (formerly known as Internet Connection Firewall) and of Windows' Automatic Updates service. The utility also tracks if you have an antivirus program installed, running, and updated. If any of these three key security tools has been disabled or is less than fully functional, Security Center changes their corresponding status lights from green to either red or amber. The program also displays a warning icon in the system tray. A red light means that you should probably take steps to beef up security in the indicated area. An amber light signifies a service that is only partly enabled, or that a third-party product handles. The service pack is notable mostly for a variety of new security features, including fixes to many known problems, a new version of the Windows Firewall that is turned on by default, and a new security center. You can read all about these features in our full Windows XP SP2 report. Instead, I want to focus on what it's like living with the final version of SP2, on the other new features, and on the controversy over some of these security features. People who were beta-testing SP2, members of Microsoft TechNet, home users with automatic updates on, and many corporate customers have been able to get SP2 for a couple of weeks now, and many of us at PC Magazine have been running this version. Along the way, we've fielded a lot of questions from Windows users, publishes ABCNEWS.
Read earlier news stories by PRAVDA.Ru