Windows XP SP3 Overview
I guess by now many would have head about the Microsoft Windows XP SP3 pushout. Many might ask, so what is this about? Is this another major fix that is going to break some other applications?
The answer is NO!
Before we begin describing why not, let's go ahead to look at what are the updates.
Previously Released Functionality
|
Functionality |
Description |
|
MMC 3.0 |
MMC 3.0 is a framework that unifies and simplifies day-to-day system management tasks in Windows by providing common navigation, menus, toolbars, and workflow across diverse tools. Microsoft Knowledge Base article 907265 describes this functionality in detail. |
|
MSXML6 |
MSXML6 provides better reliability, security, and conformance with the XML 1.0 and XML Schema 1.0 W3C Recommendations. It also provides compatibility with System.XML 2.0. |
|
Microsoft Windows Installer 3.1 v2 (3.1.4000.2435) |
Windows Installer 3.1 is a minor update to Windows Installer 3.0, which Microsoft released in September 2004. Windows Installer 3.1 contains new and enhanced functionality. Additionally, Windows Installer 3.1 addresses some issues that Microsoft found in Windows Installer 3.0. Microsoft Knowledge Base article 893803 describes this functionality. |
|
Background Intelligent Transfer Service (BITS) 2.5 |
BITS 2.5 is required by Microsoft System Center Configuration Manager 2007 and Windows Live™ OneCare™. BITS 2.5 helps improve security. If you use BITS to transfer data, the new features also improve flexibility. Microsoft Knowledge Base article 923845 describes BITS 2.5. |
|
IPSec Simple Policy Update for Windows Server 2003 and Windows XP |
This update helps simplify the creation and maintenance of IPSec filters, reducing the number of filters that are required for a server and domain isolation deployment. The Simple Policy Update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior. Microsoft Knowledge Base article 914841 describes this previously released update in more detail. |
|
Digital Identity Management Service (DIMS) |
DIMS make it possible for users who log on to any domain-joined computer to silently access all of their certificates and private keys for applications and services. |
|
Peer Name Resolution Protocol (PNRP) 2.1 |
This update enables Windows XP SP3–based programs that use PNRP to communicate with Windows Vista programs that use PNRP. Microsoft Knowledge Base article 920342 describes this previously released update. |
|
Remote Desktop Protocol 6.1 |
Remote Desktop Protocol (RDP) used for communication between the Terminal Server and the Terminal Server Client. RDP is encapsulated and encrypted within TCP. This update better facilitates communication between machines running Windows XP and Windows Vista. Knowledge Base article 186607 describes RDP. Knowledge base article 951616 describes RDP 6.1. |
|
Wi-Fi Protected Access 2 (WPA2) |
This update to Windows XP provides support for WPA2, the latest standards-based wireless security solution derived from the IEEE 802.11i standard. Microsoft Knowledge Base article 893357 describes this update. |
New and Enhanced Functionality
|
Functionality |
Description |
|
"Black Hole" Router Detection |
Windows XP SP3 includes improvements to black hole router detection (detecting routers that are silently discarding packets), turning it on by default. |
|
Network Access Protection (NAP) |
NAP is a policy enforcement platform built into Windows Vista, Windows Server 2008, and Windows XP SP3 with which you can better protect network assets by enforcing compliance with system health requirements. Using NAP, you can create customized health policies to validate computer health before allowing access or communication; automatically update compliant computers to ensure ongoing compliance; and optionally confine noncompliant computers to a restricted network until they become compliant. For more information about NAP, see Network Access Protection: Frequently Asked Questions. |
|
CredSSP Security Service Provider |
CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 via Security Service Provider Interface (SSPI). CredSSP enables an application to delegate the user’s credentials from the Client (via Client side SSP) to the target Server (via Server side SSP). Windows XP SP3 involves only the Client side SSP implementation and is currently being used by RDP 6.1 (TS), though it can be used by any third party application willing to use the Client side SSP to interact with applications running Server side implementations of the same on Vista / LH Server.
There is a technical specification of this SSP available at the Microsoft Download Center.
Note that CredSSP is turned OFF by default in Windows XP SP3. To enable CredSSP, administrators can modify the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
In the value “Security Packages” of type REG_MULTI_SZ, add “tspkg” in addition to SSP-specific data already present.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
In the value “SecurityProviders” of type REG_SZ, add “credssp.dll” in addition to SSP-specific data already present.
|
|
Descriptive Security Options User Interface |
The Security Options control panel in Windows XP SP3 now has more descriptive text to explain settings and prevent incorrect settings configuration. Figure 1 shows an example of this new functionality. |
|
Enhanced security for Administrator and Service policy entries |
In System Center Essentials for Windows XP SP3, Administrator and Service entries will be present by default on any new instance of policy. Additionally, the user interface for the Impersonate Client After Authentication user right will not be able to remove these settings. |
|
Microsoft Cryptographic Module |
Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation. This has been added to the crypto module rsaenh.dll.
XP SP2 crypto modules Rsaenh.dll/Dssenh.dll/Fips.sys had been certified according to FIPS 140-1 specifications. The Federal Information Processing Standard (FIPS) 140-1 standard has been replaced by FIPS 140-2, and these modules have been validated and certified according to this standard. For more information, see the Microsoft Kernel Mode Cryptographic Module. |
|
Windows Product Activation |
As in Windows Server 2003 SP2 and Windows Vista, users can now complete operating system installation without providing a product key during a full, integrated installation of Windows XP SP3. The operating system will prompt the user for a product key later as part of Genuine Advantage.
As with previous service packs, no product key is requested or required when installing Windows XP SP3 using the update package available through Microsoft Update.
Note The Windows Product Activation changes in Windows XP SP3 are not related to the Windows Vista Key Management Service (KMS). This update affects only new operating system installations from integrated source media. This update affects the installation media only and is not a change to how activation works in Windows XP. |
Click here to download complete overview
Basically the new features isn't particularly noteworthy, and the rest has been available already through Windows Update.
SP3 functions primarily as a collection of past fixes with a few security additions. SP3 is most certainly essential for anyone who hasn't applied SP2, and for those who haven't kept up with the Windows Update downloads, but if you've been on top of things, SP3 won't do much for you.
The most obvious new additions are the latest versions of Microsoft's browser and media player—Media Player 11 and Internet Explorer 7.0—both of which have been downloadable for quite some time. You'll also notice (if you look hard enough) new and clearer descriptions of some settings in the Control Panel Security Options applet, changes designed to help users avoid configuring system security incorrectly. The only other significant user-interface modification lies with the taskbar, which no longer has the Address Bar—a change Microsoft describes as a regulatory request.
Click here to read more from PC Mag