Microsoft accelerates Windows security update

The second Windows XP service pack will include a number of changes designed to allay security fears

A Microsoft executive has said the company will launch Service Pack 2 for Windows XP in December, months earlier than the company forecast on its Service Pack roadmap.

At the Citrix iForum in Florida on Tuesday, Microsoft's corporate vice president of content, Richard Kaplan, who is in charge of the and Windows Update Web sites, told delegates that Windows XP SP2 would be available by the end of the year. The service pack was originally planned for this year, but had been put back to 2004.

Kaplan admitted that Microsoft's record on security has "not been good enough", but he claims the company is improving. Security is now the number one priority for Microsoft and that will be demonstrated with SP2, he said, revealing that the update will contain enhanced memory protection in an attempt to reduce the operating system's vulnerability to buffer overflow exploits. "One of the primary way worms get onto the system is by what they call a buffer overflow. There is a new technology that lets us lock out people's ability to install code in Windows using a buffer overflow," he said.

Additionally, SP2 will switch on Windows XP's built-in firewall by default and provide better control over ActiveX scripts: "Automatic downloading of ActiveX controls that you don't know about and don't care about -- we are going to make this much, much easier to control."

Kaplan also said that Microsoft will, except in extreme cases, only release patches once a month: "You should install patches on your schedule rather than our schedule," he said.