Answering critics, Microsoft patches XP

Microsoft Corp. has responded to criticism from users and issued a software patch for a major security vulnerability in the Windows XP operating system, reversing an earlier decision to require users to upgrade to Windows XP Service Pack 1 to remove the vulnerability.

The security hole exists in the Windows XP Help and Support Center and affects the Microsoft Windows XP Home Edition, Professional, and 64-Bit Edition operating systems, according to information posted on Microsoft's product support Web site.

By taking advantage of a flaw in code for a feature that sends information on new hardware to Microsoft, an attacker could remotely access a vulnerable machine from a Web page or a link in an e-mail formatted in HTML. Files on the vulnerable machine could be opened or deleted using the vulnerability, according to information posted on Microsoft's Web site.

Soon after the discovery of the vulnerability, Microsoft issued Service Pack 1 for Windows XP, which patched the vulnerability in addition to a number of other security holes in the XP operating system. Initially, the company refused to issue a separate patch for the vulnerability, citing company policy that favored the use of service packs over patches when fixing vulnerabilities.

The company almost immediately encountered resistance to the hard-line approach from across its customer base, however.

Home users who connected to the Internet using dial-up modems objected to the large size of the service pack. According to Microsoft's Web site, the 30M-byte file would take about 90 minutes to download using a 56K-bps (bit-per-second) modem. Some business users balked at the prospect of rolling out such a large and sophisticated software update without thoroughly testing it on their own networks.

One software developer and security expert even published free software on the net to patch the vulnerability without Service Pack 1.

There were also scattered reports of computers or applications crashing following the upgrade.

Last week, however, Microsoft appeared to have abandoned their position on requiring the upgrade to Windows XP Service Pack 1, quietly releasing a security bulletin and a software patch for the Help and Support Center vulnerability that can be installed separately from the service pack. The company also posted a revised statement on their Web site regarding the vulnerability that explained the company's change of heart.

"In this case, we heard from some customers that they have not yet found sufficient time to fully test and deploy Service Pack 1 in order to protect their systems," the statement read, in part. "In recognition of the heightened awareness and customer concern around this issue, Microsoft is working to release an independent fix for this vulnerability."

The revised statement also refuted claims that the company knew about and tried to conceal the vulnerability, and addressed criticism over its refusal to post work-around instructions for the vulnerability in advance of the patch.

"It has been suggested that Microsoft has tried to hide this issue. This is not true," the statement read, pointing to a Microsoft Knowledge Base article on the vulnerability and noting that the list of fixed security holes that accompanied Service Pack 1 included a reference to the Help and Support Center vulnerability.

In response to the criticism for not posting a work-around for the vulnerability, Microsoft stated that no work-around short of a software fix was possible, and indicated that published fixes from third parties were not effective.


Paul Roberts
