What's new in XP SP3? Not much, according to the first version of the service pack's release notes, which are available on Microsoft's Web site.
As befits a service pack, especially the last of its kind -- this will undoubtedly be the final SP for XP -- SP3 is mostly about patches and hotfixes and other updates that have been issued incrementally since 2004, when Microsoft pushed Windows XP SP2 out the door.
But there are some new features. Most notably, it appears that Microsoft has kept its promise to upgrade the random number generator. Last November, remember, a team of Israeli researchers, led by Benny Pinkas at the University of Haifa, argued that attackers could exploit a weakness in Windows 2000's pseudo-random number generator (PRNG) to predict encryption keys. After some hemming and hawing, Microsoft acknowledged that Windows XP shared the bug, and said it would fix the flaw in SP3.
In the release notes, under the heading of "Microsoft Kernel Mode Cryptographic Module," Microsoft said that SP3 now "implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation." And that the "Federal Information Processing Standard (FIPS) 140-1 standard has been replaced by FIPS 140-2, and these modules have been validated and certified according to this standard."
FIPS, which stands for Federal Information Processing, is a US government security standard.
How long before SP3 goes final? Microsoft's not saying. All along, the six-month spread of the first half of 2008 has been as much as the company would admit.
But we think it's close. Here are the tea leaves we're reading:
- Microsoft seeded Vista SP1 RC Refresh to testers via Windows Update on January 9, then posted it for public download January 11. A little more than three weeks later it shipped the service pack out the door. Using a similar timetable puts XP SP3 as wrapping up around the middle of March. If Microsoft takes SP3 RTM on a Monday, as it did Vista SP1, we've circled March 17.
- The stress test of WU is a second clue; we've already covered that.
To ditch SP3 and return to (presumably) SP2, open "Add or Remove Programs" from Control Panel, check the "Show Updates" box, then scroll to the bottom of the listing. Select "Windows XP Service Pack 3" and then click the "Remove" button.
The PC needs to reboot, but after that the machine should return to its prior state.