14 DAY TRIAL // The third and final service pack for Windows XP is not even out, and Microsoft is already hammering away at it plugging security soles. Although it debuted in full development alongside Windows Vista SP1, Windows XP Service Pack 3 is yet to be finalized with the delivery planned by mid-2008. Since the end of March 2008, Microsoft managed to sweep XP SP3 under the rug, but until the past month, the service pack was very much still a work in progress.
Case in point the first security vulnerability affecting XP SP3, fixed even before the service pack was finalized. Sometime between late February and the end of March, the Redmond company solved an issue in the Windows graphics device interface. When it released Microsoft Security Bulletin MS08-021 labeled with a maximum severity rating of Critical, Microsoft stated that despite the fact that all Widows operating system, either on the server or on the client's side were affected, XP SP3 was not.
The reason for this, spotted by ComputerWorld over on the Microsoft Forum is the fact that update 948590 had already been integrated into XP SP3 when the company released Release Candidate 2 Build 5508. Microsoft's Shashank Bansal, answering to an user report of failed integration of KB948590 with XP SP3, revealed that the "issue happens with 3311 build of XP SP3. RC2 Refresh build 5508 does not encounter this issue. It happens because KB948590 stops installation of SP3 version of gdi32.dll on the system due to file version differences."
The security bulletin designed to patch the GDI vulnerabilities affected a wide array of Windows operating systems including Vista SP1 and Windows Server 2008. Also XP SP3 RC2 Build 3311 seems to have been vulnerable, but the issue was solved with the release of XP SP3 RC2 Refresh Build 5508. "The KB mentioned was released post 3311. As 3311 build carried updated released till the date it went public, the new KB was not included. The KB carried a version of gdi32 higher than 3311 (as it was released later). This caused the difference," Bansal added.
Windows XP Service Pack 3 Release Candidate 2 Refresh can be downloaded from here.