Windows XP Service Pack 2 (SP2) became available for download on August 10 and available for deployment via Microsoft Software Update Services (SUS) on August 16. On August 18, Microsoft added SP2 to the Automatic Updates service--but only for Windows XP Home Edition, not for Windows XP Professional Edition. Microsoft delayed XP Pro in deference to corporate customers that wanted additional time to test and prepare for SP2's impact. The new date is reportedly today--August 25. The obvious question is "How many and which corporations are using Automatic Updates, as opposed to SUS or Microsoft Systems Management Server (SMS), to deploy patches to their users' workstations?" Evidently many, including IBM, which has reportedly issued a memo instructing its employees to hold off installing SP2. As mentioned in last week's Security UPDATE, Microsoft has released a tool to block SP2 from being installed by PCs running Automatic Updates and Windows Updates.
Further complicating the already chaotic release of SP2 was the publication by heise Security of a flaw in SP2 that reportedly lets Windows be tricked into running untrusted code. You can read more about this flaw at
http://www.heise.de/security/artikel/50051
