We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Microsoft fixes Windows bug in XP SP3 first

Attackers exploit Windows bug despite XP fix

"The KB [948590] mentioned was released post 3311," said Bansal, talking about the GDI fixes. "The KB carried a version of gdi32 higher than [the version included in] 3311 (as it was released later). This caused the [file version] difference."

The file version conflict caused the reboot error, but affected only users who had patched their copies of Windows XP SP2 with the GDI fixes, then subsequently tried to upgrade to SP3 using an older build of the service pack.

As Bansal had hinted, upgrading with XP SP3 Build 5508 would not create the endless reboot problem, because its version of gdi32.dll was the same as that rolled out last week as part of Patch Tuesday. Comparison of the gdi32.dll files showed as much: the file included with XP SP3 build 5508 was called version 5.1.2600.5508 and date-stamped as February 28. The patched version issued last week by Microsoft for the 32bit edition of Windows XP SP2 was called version 5.1.2600.3316 and dated February 20.

Last week, Microsoft's MS08-021 security bulletin - the one which explains the GDI vulnerabilities - noted that "Windows XP Service Pack 3 is not affected by this vulnerability". But on Friday, after PC Advisor's sister title Computerworld US asked Microsoft for more information about why XP SP3 was not affected by the GDI bugs, the company yanked the reference to XP SP3 from the bulletin.

A Microsoft spokeswoman said the mention had been a mistake. "The inclusion of Windows XP SP3, which is still in beta, was an editorial oversight," she said. However, she did not provide an explanation why other recent operating system updates - notably Vista SP1 and Server 2008 - had not been patched prior to their release.

The simplest explanation, said Andrew Storms, director of security operations at nCircle Network Security, was one of timing. "I prefer to stick with the simplest possibility - Microsoft already knew about the vulnerability and had already delivered [the patch] as part of SP3," Storms said on Friday.

That turned out to be true, as XP SP3 Build 5508 - with the patched gdi32.dll - was made available two weeks before Microsoft patched the component in the rest of its Windows portfolio.

However, according to the date stamps of the gdi32.dll files included with last week's patches, fixes for Vista SP1 and Server 2008 were finished February 21 and February 22, nearly three weeks after both operating systems were designated as release to manufacturing (RTM) and shipped to OEMs and duplicators.


IDG UK Sites

Black Friday 2014 tech deals UK Live: Best Black Friday deals from Apple, Amazon, Argos, eBay,...

IDG UK Sites

Black Friday feeding frenzy infects the UK

IDG UK Sites

VAT MOSS: Will I be affected by the EU VAT changes? Here are the facts for designers and artists

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers