Riprendo doverosamente il post di Renato sul blog Technet che annuncia appunto la disponibilità definitiva del Windows XP Service Pack 3 sia su Windows Update che sul Microsoft Download Center. Dico "definitiva" perché avrete notato in questi giorni una anomala sospensione della sua disponibilità (e di quella del SP1 di Windows Vista): un problema di compatibilità dell'ultimo minuto relativa al prodotto Microsoft Dynamics Retail Management System ha richiesto di fermare le rotative per mettere in campo il meccanismo di filtering ed evitare che i clienti dotati di questo prodotto possano inavvertitamente installare questi service pack. Quindi vi raccomando, questa volta più che mai (anche tenuto conto della distanza dal suo precedente service pack e quindi della sua corposità...), di consultare le informazioni disponibili pre-installazione (Release Notes, - di solito ignorate...;-)... - , FAQ e note relativa alla gestione di pre-release di IE, tutte opportunamente raccolte da Renato e Giorgio sul blog Technet).
Background Intelligent Transfer Service (BITS) 2.5
BITS 2.5 is required by Microsoft System Center Configuration Manager 2007 and Windows Live™ OneCare™. BITS 2.5 helps improve security. If you use BITS to transfer data, the new features also improve flexibility. Microsoft Knowledge Base article 923845 describes BITS 2.5.
IPSec Simple Policy Update for Windows Server 2003 and Windows XP
This update helps simplify the creation and maintenance of IPSec filters, reducing the number of filters that are required for a server and domain isolation deployment. The Simple Policy Update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior. Microsoft Knowledge Base article 914841 describes this previously released update in more detail.
Digital Identity Management Service (DIMS)
DIMS make it possible for users who log on to any domain-joined computer to silently access all of their certificates and private keys for applications and services.
Wi-Fi Protected Access 2 (WPA2)
This update to Windows XP provides support for WPA2, the latest standards-based wireless security solution derived from the IEEE 802.11i standard. Microsoft Knowledge Base article 893357 describes this update.
e quelle nuove:
Network Access Protection (NAP)
NAP is a policy enforcement platform built into Windows Vista, Windows Server 2008, and Windows XP SP3 with which you can better protect network assets by enforcing compliance with system health requirements. Using NAP, you can create customized health policies to validate computer health before allowing access or communication; automatically update compliant computers to ensure ongoing compliance; and optionally confine noncompliant computers to a restricted network until they become compliant. For more information about NAP, see Network Access Protection: Frequently Asked Questions.
CredSSP Security Service Provider
CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 via Security Service Provider Interface (SSPI). CredSSP enables an application to delegate the user’s credentials from the Client (via Client side SSP) to the target Server (via Server side SSP). Windows XP SP3 involves only the Client side SSP implementation and is currently being used by RDP 6.1 (TS), though it can be used by any third party application willing to use the Client side SSP to interact with applications running Server side implementations of the same on Vista / LH Server. There is a technical specification of this SSP available at the Microsoft Download Center. [...]
Descriptive Security Options User Interface
The Security Options control panel in Windows XP SP3 now has more descriptive text to explain settings and prevent incorrect settings configuration. Figure 1 shows an example of this new functionality.
Figure 1. Security options explanatory text
Enhanced security for Administrator and Service policy entries
In System Center Essentials for Windows XP SP3, Administrator and Service entries will be present by default on any new instance of policy. Additionally, the user interface for the Impersonate Client After Authentication user right will not be able to remove these settings.
Microsoft Cryptographic Module
Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation. This has been added to the crypto module rsaenh.dll. XP SP2 crypto modules Rsaenh.dll/Dssenh.dll/Fips.sys had been certified according to FIPS 140-1 specifications. The Federal Information Processing Standard (FIPS) 140-1 standard has been replaced by FIPS 140-2, and these modules have been validated and certified according to this standard. For more information, see the Microsoft Kernel Mode Cryptographic Module.
Windows Product Activation
As in Windows Server 2003 SP2 and Windows Vista, users can now complete operating system installation without providing a product key during a full, integrated installation of Windows XP SP3. The operating system will prompt the user for a product key later as part of Genuine Advantage. As with previous service packs, no product key is requested or required when installing Windows XP SP3 using the update package available through Microsoft Update. [...]
Ho in cantiere una nuova edizione del mio Microsoft Security Portal dove aggiungerò queste nuovi puntatori, stay tuned!