BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here



The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog Plus delivers five times the amount of bugs and fixes.

This is a special report on Windows XP Service Pack 2 -- listing chronologically the Service Pack 2 items covered in the free portion of the BugBlog.

2/28/2005 Images in Clipboard Causes Windows Crash

Microsoft says that a bug in the Graphics Device Interface (GDI) may cause Windows Server 2003 or Windows XP to crash when you copy an image to the clipboard. You may also see this error message, although the numbers in parentheses may be different:
STOP: 0x00000050 (bc7cf000, 00000000, bf964404, 00000001)
Microsoft has a hotfix for this, which will be in future service packs for the two products. If you can't wait for these, contact Microsoft Technical Support and ask for the hotfix described in Knoweldge Base article 872797. Note that you may be charged for this call.

2/21/2005 CardBus Removal May Trigger Error

Microsoft says you may get a Blue Screen of Death if you remove a CardBus Compact Flash adapter from your computer, after you have transferred a file or edited a file on the device. The error message will look something like

although the hex numbers in parenthesis may be different. Microsoft says this has been fixed in Windows XP Service Pack 2. However, there are no fixes for it for Windows 2000 or Windows Server 2003

2/7/2005 Windows XP SP2 Slows Down DVD Writing

According to a story in PC World, Windows XP Service Pack 2 slows down Nero AG's InCD4 DVD-burning software. This software is included with many DVD-RW drives, including Sony, Plextor, and Lite-On. Nero says this is because of a cache bug in SP2. Read the details, and get a link to a fix, at http://www.pcworld.com/howto/article/0,aid,119265,00.asp

1/25/2005 Windows XP SP 2 Slows Down Some File Uploads

Windows XP Service Pack 2 may slow down some file uploads. If you are using Internet Explorer 6 to upload a file using an SSL (Secure Socket Layer) connection to a website whose URL starts with https:// and uses an active server page (.asp) or a script to process the file, the upload may take much longer than expected, according to Microsoft. They have a hotfix for this, along with a Registry edit. To find out about the hotfix, and to get the instructions and safeguards for editing the Registry, see http://support.microsoft.com/?kbid=889334


1/11/2005 Critical Patch for Windows HTML Help

Microsoft has a critical update for the HTML Help, that will help plug a hole where an attacker, via Internet Explorer, may be able to remotely run their own code on your computer. This affects Internet Explorer 6 on Windows 2000 Service Pack 3 and 4, Windows XP Service Pack 1 and 2, and Windows Server 2003. The problem specifically is a cross-domain vulnerability in the HTML Help ActiveX control. Links to the update for each version of Windows are at http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx

1/8/2005 IE Bug Gets Elevated to Extremely Critical

Security researchers at Secunia have escalated their warning on some Microsoft Internet Explorer bugs to Extremely Critical, which is their highest level. The bugs are in HTML Help, in the drag and drop from the Internet Zone, and a way to circumvent Windows XP SP 2 security, and all have been reported earlier. However, now some example code that shows how to exploit these is circulating. If attackers put everything together, it's possible they could take over your computer. Although Microsoft is releasing security updates on January 11, they have not said whether one of them is to fix IE. You can read the full write-up at http://secunia.com/advisories/12889/

12/31/2004 Last Bug of the Year is Another IE Problem

The Trojan.Phel.A is a new Trojan horse program that appears to target Windows XP Service Pack 2 computers via an already-known bug called the Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability. You can read the details about it from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html. It would appear from published reports that this vulnerabiltiy, through IE HTML Help, is different from the one reported 12/27 in the BugBlog. Symantec has updated their virus definitions to look for this. A complete fix is available at http://www.mozilla.org.

12/27/2004 Another Attack Against Internet Explorer

Details of a new way to assault Microsoft Internet Explorer have been posted to the Full Disclosure mailing list. This attack can be done even against computers upgraded to Windows XP Service Pack 2, and can be done without user intervention (Edit 12/28: to be attacked, you will need to visit a malicious web page, although you won't have to click or do anything on that page.) It would appear that the attack makes use of known problems with Microsoft's Active X technology, and can be used to place a file in a computer's Startup folder. You can read a news account at eWeek at http://www.eweek.com/article2/0,1759,1745693,00.asp. Nothing official from Microsoft yet. One workaround is to use Mozilla or Firefox.

12/17/2004 Special: Bug in the Windows XP SP2 Firewall

Microsoft has released a critical update for Windows XP Service Pack 2. They have found that if you are using the Windows Firewall included in SP2 and you make a dial-up connection to the Internet, you may be inadvertantly allowing file and print sharing with the entire Internet. If you have Windows XP Service Pack 2 installed, you will need to get the KB886185 update from http://windowsupdate.microsoft.com/.


12/17/2004 Another IE Cross-Site Scripting Bug

The Security researchers at Secunia have posted details on another bug in Microsoft Internet Explorer. In this case, a bug in the DHTML Edit ActiveX control may allow a cross-site scripting attack, which may allow a malicious website to put script into another browser session. They say this affects fully patched systems with Windows XP Service Pack 1 and Service Pack 2. Secunia credits this find to Paul from greyhats, and has also posted a test at http://secunia.com/advisories/13482/, to see if you are vulnerable.

12/3/2004 HTTP Bug in Windows XP Service Pack 2

Microsoft says that a bug in Http.sys may cause either Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005 or Windows Server 2003 to crash. You may get this error message
This will happen if you have TDI filter drivers installed (these typically come with antivirus or firewall programs) and these drivers respond with STATUS_PENDING to particular TDI input/output requests. Microsoft has a hotfix available for download for Windows XP Service Pack 2. Get it at http://support.microsoft.com/?kbid=887742

11/23/2004 Memory Size Missing with Windows XP SP2

Microsoft says that after you install Windows XP Service Pack 2, the amount of memory on your system may appear incorrectly, or not appear at all, in the System Properties dialog box. However, there are two other places where the memory size appears correctly. You can go to Start, All Programs, Accessories, System Tools, System Information. You can also go to Start, Run, and type Msinfo32.exe, and then click OK

11/22/2004 Windows XP Scanner Wizard Misses a Trick

In Windows XP, the Scanner and Camera Wizard has an option that lets you use a networked scanner. However, the improved Windows Firewall in Windows XP Service Pack 2 and in the Windows XP Tablet PC Edition 2005 blocks the port, TCP Port 21, that a networked scanner would use. If the Windows Firewall is turned on, the networked scanner is blocked, but the Wizard isn't smart enough to sense that. As a workaround, you must create a Windows Firewall exception for the scanner. See http://support.microsoft.com/?kbid=873188 for details on how to do that.

11/19/2004 SonicWALL Hits the Wall with Windows XP Service Pack 2

If you try to use the SonicWALL Complete Anti-Virus program on either a Windows XP Service Pack 2 computer or a Windows XP Tablet PC 2005 computer, you may run into problems. At installation time, you may get this error message
Unable to Create Cabinet Installer Object. Agent Service may not be running properly
Microsoft says this is because the MyAgtSvc from SonicWALL tries to run without run or activation permissions, which doesn't work under SP2's increased security. SonicWALL has fixed this with an update you can get at http://www.sonicwall.com/alert/service_bulletin_windowsXP_SP2_update.html.

11/18/2004 More Security Problems for Internet Explorer

The Secunia security website has issued a bulletin highlighting two bugs in Microsoft Internet Explorer in Window XP Service Pack 2 (SP2) systems. The first bug shows a way that attackers may be able to bypass the warning that the web browser gives when downloading certain files. The second bug can spoof a file extension, making you think you are saving an HTML file when you are saving some other file type. The bugs were reported by cyber flash. Microsoft has not announced any patches for these yet. As a workaround, Secunia says to disable Active Scripting support and the "Hide extension for known file types" option.

11/16/2004 Problems Installing SP2 on HP Computers

If you try to upgrade to Windows XP Service Pack 2 on some Hewlett-Packard computers with the Out of Box Experience (OOBE) you may have problems. When the computer restarts, you may see this error message
Windows XP Setup is incompatible with this version of Windows. For more information, contact Microsoft.
Microsoft says this is because Hewlett-Packard installs the Recovery Console files using the Windows XP Service Pack 1 files that are found in C:\Windows\I386. There is a workaround for this that involves editing the Registry. To see the steps, and important safeguards about the Registry, see http://support.microsoft.com/?kbid=870898.

10/23/2004 Updates After XP SP 2 May Cause a Crash

Microsoft says that after installing Windows XP Service Pack 2, you may lock up your computer if you try installing any of these other updates from Microsoft (as noted by their Knowledge Base number): 307154; 842520; 842933; 870997; 883507; 883523; 884020; 884575; 884851; 884868; 885523; 885626; 824838; 883517; 885267; 883529. You may also run into this problem when you install certain filter drivers, such as the Ibmfilter.sys driver. If this crash happens to you, Microsoft says to restart the computer, and then use Add/Remove Programs to remove the update you just installed that caused the crash. Then go to http://support.microsoft.com/?kbid=885894 and download the additional update and install that.


10/22/2004 Windows XP SP2 Security Flaw Via Internet Explorer

There is a bug in the Local Security Zone of Microsoft Internet Explorer 6 running on a Windows XP Service Pack 2 system. The malware.com web site, run by someone with the nóm-de-hack of http-equiv, posted news where someone could use the HTML Help control to help bypass the security in the Local Zone. Matched with another bug, which uses drag-and-drop to get hostile code onto a computer, may allow an attack on a Windows XP SP 2 computer. To actually pull off the attack, a victim would need to copy content, possibly disguised as an audio or video file, from a web site. Other experts say the fix for this should be relatively easy. See eWeek at http://www.eweek.com/article2/0,1759,1681218,00.asp for details

10/5/2004 Netsh.exe Workaround for Service Pack 2

After installing Windows XP Service Pack 2, you won't be able to use Netsh.exe for renaming ports. Microsoft says this is intentional. Instead of renaming a port, Microsoft says you can delete the port and then add it back with the new port name. For more information, see http://support.microsoft.com/?kbid=884908 or http://support.microsoft.com/?kbid=875357

9/30/2004 IE Pop-up Blocker Doesn't Play Favorites

After installing Windows XP Service Pack 2, if you have the Internet Explorer 6.0 Pop-up Blocker settings set to High, the pop-up blocker will block some features of the Microsoft Office Online web site. Clicking the Help link in the upper-right hand corner of that web page normally opens up a Help window, but it is blocked by IE. You can override the pop-up blocker by pressing the CTRL key when you click that link. You can also configure the pop-up blocker to allow pop-ups from Microsoft.com.

9/27/2004 Running Out of Room for SP2

Microsoft says that if you do not have enough hard disk space to install Windows XP Service Pack 2, an express or custom installation of the Service Pack may just stop, without giving you any error message. However, there will be clues in the Svcpack.log file, if you examine it. (It should be in your \Windows folder.) If you go to the end, you may see these entries:
150.782: There is not enough space on the disk.
150.782: Service Pack 2 installation did not complete.
150.782: Update.exe extended error code = 0x70

Microsoft says you need space on both the drive that holds your \Windows folder, plus you need 30 MB on the first primary system partition -- that's the drive that holds Ntldr and Boot.ini. If you need details on the space requirements, see http://support.microsoft.com/?kbid=837783.

9/26/2004 Hotfix for SP2 Loopback Bug is Downloadable

The hotfix for Windows XP Service Pack 2 that takes care of the incompatibilities with programs that connect to IP addresses in the loopback range ( is now freely available for download. (Before, you had to contact Microsoft Technical Support to get it, as the 8/18/2004 BugBlog explained.) Go to http://support.microsoft.com/?kbid=884020 for the link and explanation.

9/21/2004 Ad Program Trips up Service Pack 2

Microsoft says there are incompatibilities between the third-party advertising program Total Velocity Corporation T.V. Media and Windows XP Service Pack 2. If you install the service pack, the computer may crash with this error
STOP: c0000135 {Unable To Locate Component}
This application has failed to start because winsrv was not found. Re-installing the application may fix this problem.

Microsoft says you will need to use the Recovery Console to uninstall the service pack, then you will need to uninstall T.V. Media. Microsoft says that "T.V. Media is a third-party advertising program that you may not want to continue running." See http://support.microsoft.com/?kbid=885523 for details on how to do that.

9/17/2004 Norton AntiVirus Won't Scan at Startup

If you have configured Symantec Norton AntiVirus 2003 to do a scan for viruses on startup, this will no longer work when you have upgraded to Windows XP Service Pack 2. Manual scans will still work, as well as daily, weekly, and monthly. For now, Symantec says to switch to some option other than scan at startup.

9/14/2004 Back to School for Microsoft Class Server

Microsoft says that if you install Windows XP Service Pack 2, you may disrupt the Preview feature and the Find Feature in Microsoft Class Server 3.0. They say the Learning Resource and Assignment Preview feature and the Find Learning Resource feature won't work correctly, and the Teacher may stop responding. (We've all had teachers who do that.) There is a Class Server 3.0 update of 8/25/2004 that fixes this. It's available in the Microsoft Download Center.

9/10/2004 Windows XP SP2 and UMAX Scanners

If you upgrade to Windows XP Service Pack 2 on a computer that has a UMAX scanner driver installed, you will be prompted to restart the computer, and then the computer will go into a cycle of continous restarts. Microsoft says you need to start the computer in safe mode, get rid of the UMAX driver, remove Windows XP Service Pack 2, and then reinstall Windows XP Service Pack 2. They say you need to check with UMAX for information on the UMAX driver.

9/9/2004 Windows XP Service Pack 2 Gets Confused with USB 2.0

When you upgrade to Windows XP Service Pack 2, Microsoft says the USB 2.0 drivers will appear with the earlier version numbers. However, Microsoft does say the files have been updated. Microsoft does have a series of steps on how to reinstall the drivers at http://support.microsoft.com/?kbid=873169. However they also say you can just unplug any of your USB device, and then plug them back in. This should start the Plug and Play utility, and you can pray that this will update the driver numbers correctly.

9/8/2004 Apple Security Fix for CoreFoundation

Apple's 9/7/2004 security update for Mac OS X fixes two bugs in the CoreFoundation. One bug may trick OS X into loading a user-supplied library with plug-ins. This could lead to a privilege elevation. Apple credits Kikuchi Masashi for finding this. Another bug could cause a buffer overflow, which may allow a local attacker to run their own code. This bug was discovered by aaron@vtty.com. These fixes are for Mac OS X 10.2.8, OS X 10.3.4, OS X 10.3.5, OS X Server 10.2.8, OS X Server 10.3.4, and OS X Server 10.3.5. There's more coverage of the 9/7/2004 Security Fix in the BugBlog Plus.

9/6/2004 Dell Updates for Windows XP SP2

If you are going to upgrade your Dell computer to Windows XP Service Pack 2, make sure to read the important set of cautions from Dell at http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=1090448. In particular, you will need to update the drivers for the ATI Mobility Radeon 9800 graphics card, which is in some Inspiron laptops, and the driver for the Dell TrueMobile 300 Bluetooth Internal card.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.

9/4/2004 SP2 Pop-Up Blocker May Block Windows Update

After installing Windows XP Service Pack 2, the pop-up blocker that is installed may interfere with the Microsoft Windows Update Site. Visit there and you may see this error in Internet Explorer
HTTP Error 500 - Internal Server Error, Error 0x8ddd0010
To see a workaround for this, go to http://support.microsoft.com/?kbid=883820.

8/31/2004 Windows XP SP2 Unrolls Driver Rollback

Once you install Windows XP Service Pack 2, any information saved by Device Manager about previous drivers is lost. Microsoft says no backup file is created for third-party drivers, and thus you won't be able to roll back to a previous driver. Microsoft says if you need to go back, you will have to reinstall the third-party driver. If you need a refresher course for that, see http://support.microsoft.com/?kbid=873171.

8/28/2004 Windows XP Security Center Can Be Tricked

PC Magazine has confirmed, following a tip, that the new Windows Security Center in Windows XP Service Pack 2 can be spoofed. There are ways to make it look like things are still secure, when they aren't. Microsoft has downplayed this bug; a paraphrase of their response might be "Well, if they can do this, they can do worse than this, so we aren't going to worry." You can read the full story from PC Magazine, and the Microsoft response, at http://www.pcmag.com/article2/0,1759,1639276,00.asp.

8/24/2004 Dantz Retrospect Networked Backups and Windows XP Service Pack 2

When using Dantz Retrospect to backup networked Windows XP computers, you will need to make some configuration changes if you upgrade to Windows XP Service Pack 2. The new Windows Firewall will need to be configured to allow the networked backup. You can see the steps involved at http://www.dantz.com/en/support/kbase.dtml?id=28189. Note that this does not affect Dantz Retrospect when backing up standalone computers.

8/23/2004 Windows XP Service Pack 2 Doesn't Like Adobe Help Files

Adobe says that after you have upgraded to Windows XP Service Pack 2, you may get security warnings in Microsoft Internet Explorer when you try to use Help in an Adobe application. The warning may be something like
"To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options."
"Security Warning: The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"
The problem, according to Adobe, is that the new security in SP2 blocks frames in HTML files as a security precaution, even in HTML Help files stored locally. Since the content you are trying to access was installed on your computer when you installed the Adobe application, there should be no risk involved when clicking Help in an Adobe application. So you can continue on by clicking Yes. You can read more from Adobe about this at http://www.adobe.com/support/techdocs/330621.html.

8/22/2004 Windows XP Service Pack 2 Stops Microsoft Outlook Smart Tags

When you install Windows XP Service Pack 2, Outlook 2003 may lose its smart tags. Microsoft says the tightened security in SP2 stops the smart tags. To bring them back, you will first need to reinstall Office 2003 Service Pack 1. Then you will need to do some Registry edits that are described at http://support.microsoft.com/?kbid=884197.

8/20/2004 Security Problem in Microsoft IE 6 Even After SP2

Security researchers http-equiv have shown another vulnerability in Microsoft Internet Explorer. It is possible to exploit a fault in drag and drop events within IE to move damaging content into a computer's Start folder, so that it will execute the next time that computer boots. Security researchers at Secunia report that this exploit works on fully patched systems using Internet Explorer 6 and Windows XP Service Pack 2. You can see the details at http://secunia.com/advisories/12321/. As a workaround, you may want to consider Mozilla for your browser.

8/18/2004 First Hotfix for Windows XP SP2 Bug

The first post-Service Pack 2 hotfix for Windows XP (or you can look at it as the first pre-Service Pack 3 hotfix) has been released by Microsoft. This fixes a bug introduced by Windows XP Service Pack 2 that may prevent programs from working with IP addresses in the loopback range other than If you have a program that needs to connect to one of these addresses, you may want to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 884020. Note that you may get charged for this call.

8/17/2004 Extra: Windows XP SP2 Auto Update Delayed

Microsoft has informed their largest customers, via email, that the Automatic Update deployment of Windows XP Service Pack 2 will be delayed at least until August 25. This gives customers more time to block the auto updates while they work to settle incompatibilities between their current applications and the stricter security standards of SP 2. You can read more at ZD Net at http://zdnet.com.com/2100-1104_2-5312747.html.

8/13/2004 Symantec Gets Enterprise Apps Ready for SP2

Symantec has released updates for many of their enterprise products so that they are compatible with Windows XP Service Pack 2. These products have updates available: Symantec Client Security 2.0; Symantec Client Security 2.0 Business Packs; Symantec AntiVirus Corporate Edition 9.0; Symantec AntiVirus 9.0 Business Packs. You can get these updates at http://www.symantec.com/techsupp/enterprise/sp2/compatibility.html. Symantec says that updates for these products should be available by mid-August to mid-September: Symantec Client Security 1.1.1; Symantec Client Security 1.1.1 Small Business; Symantec AntiVirus Corporate Edition 8.1.1; Symantec AntiVirus 8.1.1 Small Business; Symantec Client Security 1.0.1; Symantec AntiVirus Corporate Edition 8.0.1; Norton AntiVirus Corporate Edition 7.61. Check that same URL for news of when these become available.

8/12/2004 SP2 Firewall Blocks Some Games

The new Windows Firewall in Windows XP Service Pack 2, when left to its default settings, will cause a number of online games to stop working. The reason is that the firewall shuts ports that the game normally uses to communicate with other gamers. (Shutting open ports is generally a good thing. However, ports also need to be open for legitimate traffic.) Games affected include: Lego Chess Chess Advantage III; EA Games Need for Speed Hot Pursuit 2; Atari Unreal Tournament 2003, and Unreal Tournament Game of the Year; VALUSoft Illegal Street Drag 1.0; Atari Scrabble 3.0; and Activision StarFleet Command III 1.0. In general, Microsoft says to check the game's documentation to see what ports need to be opened. Then go to http://support.microsoft.com/default.aspx?kbid=842242 for instructions on how to open the ports.

8/9/2004 Windows XP SP2 Released

Windows XP Service Pack 2 has officially been RTM'ed. That means Released to Manufacturing. It has been sent out to the Microsoft Developers Network, meaning the OEM computer manufacturers such as Dell, and the megacustomers with thousands of licenses, have it now. It will be made available over the Automatic Update feature of Windows XP first. Later it will be available on CD. There will be extra BugBlog updates on the fixes, as well as the incompatibilities and new problems, that are included in the Service Pack. Full coverage will be in the BugBlog Plus

This special report only contains SP2 coverage from the free portion of the BugBlog. Subscribers to the BugBlog Plus get almost five times the coverage.