XP Service packs
Hi
We all understand the importance of service packs for XP, 3 being the latest. But how important is it in a company, today I have come across 6 machines, 3 have SP2, 1 has SP1 and 2 have no SP
The only danger I can see is if anyone from inside the workplace brings in a virus on CD or pen drive
Q. Service pack 3 still may not be commonly installed as its quite new but how many of you IT people have PC's on your network with only SP2, SP1 or even no SP's installed, in a busy IT environment were there is always work to do I can understand if this falls by the way side, but is this as bad as it sounds
Lee H
We all understand the importance of service packs for XP, 3 being the latest. But how important is it in a company, today I have come across 6 machines, 3 have SP2, 1 has SP1 and 2 have no SP
The only danger I can see is if anyone from inside the workplace brings in a virus on CD or pen drive
Q. Service pack 3 still may not be commonly installed as its quite new but how many of you IT people have PC's on your network with only SP2, SP1 or even no SP's installed, in a busy IT environment were there is always work to do I can understand if this falls by the way side, but is this as bad as it sounds
Lee H
.
Comments
-
Silver Bullet Member Posts: 676 ■■■□□□□□□□Most larger companies will test updates/patches/SPs to check for compatibility issues on their apps, etc.. before pushing them out to the client machines. They will also use an update system such as SMS or WSUS.
Doesn't sound like there is an update/patch plan there. -
aordal Member Posts: 372If you have machines on your network that are running no SP or just SP1 they are a threat to the rest of your network. The reason being is M$ stopped supporting them, aka stopped patching them. It's a big deal if you have lots of these on your network, if it's a small company I advise you start rolling out SP2 asap. If you are running AD then you can set up WSUS 3.0 SP1 (it's free).The only danger I can see is if anyone from inside the workplace brings in a virus on CD or pen drive
As far as SP3 it's not as hot of a deal right now because SP2 is still supported, but when M$ announces a date (and they will) when SP2 is no longer supported it's important that you upgrade to SP3. -
dave0212 Member Posts: 287If you are running AD then you can set up WSUS 3.0 SP1 (it's free).
You dont need AD for WSUS it just makes it easier to configure all your system via GP to point to itThis week I have achieved unprecedented levels of unverifiable productivity
Working on
Learning Python and OSCP -
dynamik Banned Posts: 12,312 ■■■■■■■■■□SP1 and SP2 are very important. I can't imagine anyone is not using those unless there are some incompatibility issues with critical software. SP3 was more a collection of updates with a few minor additions (that most people won't notice) in functionality. It doesn't even sound like those are getting updates since I believe some require SP1 or SP2.
-
NetAdmin2436 Member Posts: 1,076At a minimum they should all have XP SP2 for the enhanced security. SP2 included the built in firewall which you should be running on all clients.WIP: CCENT/CCNA (.....probably)
-
blargoe Member Posts: 4,174 ■■■■■■■■■□SP2 has been the requirement for quite some time for receiving patches from Microsoft.
I wouldn't even bother with upgrading them in place, personally I would just rebuild the computers with a new install that included SP3. Those ones running SP0 are probably infected with something by now if they get on the internet much.
It's also possible they are using pirated copies of windows and MS added the product key to the blacklist which prevents them from installing the latest sp and patches.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
HeroPsycho Inactive Imported Users Posts: 1,940NetAdmin2436 wrote: »At a minimum they should all have XP SP2 for the enhanced security. SP2 included the built in firewall which you should be running on all clients.
Remember, XP SP2 didn't include the firewall for the first time. That wasn't the change in respect to it. The change was that it was enabled by default for the first time.
It also hardened a lot of the services and installed fixes for numerous security threats.
That's why it was/is so important to install.
I agree that XP SP3 is not absolutely critical to install at this time, although it can add a few valuable features, like a more secure wifi connection manager and support for NAP if you're looking to deploy that.Good luck to all! -
Psoasman Member Posts: 2,687 ■■■■■■■■■□AT THE MINIMUM you should have SP2 installed. I have seen very few compatibility problems with SP2..usually with specialized software.
We tested SP3 in our lab at work for months before the admins approved it for install. -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Lee H Member Posts: 1,135I kind of knew already guys how important these SP's are but in a network environment were all PC's get internet via a proxy and relevant anti virus installed, so only threat of virus's is in-house, providing the AV is up to date
Not my call to update these machines though, am here to roll out laptop's. But they have been notified, I guess there just too busy most of the time to update these machines it probably happens in every company
Thanks for all your input guys
Lee H. -
dynamik Banned Posts: 12,312 ■■■■■■■■■□Viruses aren't the only threat, and no scanner is perfect.
Plus, people can always bring things in on flash drives, CD/DVDs, etc. The proxy server isn't the single point of entry. -
HeroPsycho Inactive Imported Users Posts: 1,940I kind of knew already guys how important these SP's are but in a network environment were all PC's get internet via a proxy and relevant anti virus installed, so only threat of virus's is in-house, providing the AV is up to date
Not my call to update these machines though, am here to roll out laptop's. But they have been notified, I guess there just too busy most of the time to update these machines it probably happens in every company
Thanks for all your input guys
Lee H
And since when are proxies and AV fullproof?Good luck to all! -
tiersten Member Posts: 4,505I kind of knew already guys how important these SP's are but in a network environment were all PC's get internet via a proxy and relevant anti virus installed, so only threat of virus's is in-house, providing the AV is up to date
I assume since they've not bothered to do their service packs that they've also not got anything like 802.1x. -
Lee H Member Posts: 1,135Funny you should mention, we do and its unsecured. But i have tried to conect and it doesnt, I think maybe the mac address on my wifi phone needs adding to some list somewhere, does that sound right.
-
Daniel333 Member Posts: 2,077 ■■■■■■□□□□Hi
We all understand the importance of service packs for XP, 3 being the latest. But how important is it in a company, today I have come across 6 machines, 3 have SP2, 1 has SP1 and 2 have no SP
The only danger I can see is if anyone from inside the workplace brings in a virus on CD or pen drive
Q. Service pack 3 still may not be commonly installed as its quite new but how many of you IT people have PC's on your network with only SP2, SP1 or even no SP's installed, in a busy IT environment were there is always work to do I can understand if this falls by the way side, but is this as bad as it sounds
Lee H
Normally you would push the service pack out through SMS, group policy or something like that. You are not likely to see an IT person manually install it. So it's really a non-issue. The only time consuming part is maybe testing any random software you might have.
XP and XP Service Pack 1 are no longer supported I believe. So if they find a critical flaw, it's not likely to be patched. But if you are on SP2 or 3 it will be. Also, if you call with a problem and they find you on a dated service pack, they are going to give you the run around.
this explains it well
Microsoft Windows: End of support for Windows 98, Windows Me, and Windows XP Service Pack 1
You are getting security enhancements, system stability and beefed up firewall protection. In addition you gain some group policy enhancments so Windows XP plays nicely with Vista and 7.
Anyhow, I've had no legit problems with Sp3 in a roll out to 40 companies amounting to about 4,000 users. That ain't bad. Any Windows company should certainly be in the process of testing their software on SP3 now and rolling out soon.-Daniel -
arwes Member Posts: 633 ■■■□□□□□□□Posting in an old thread, yay! I finally got around to releasing SP3 for XP in WSUS this past Friday and I've already had to uninstall it from several workstations. Dell must really not bother with offering updated drivers for older products these days. Got one user with a Latitude D810 and uses ATI Catalyst Control Center stuff to rotate her second monitor. That stopped working in SP3. And then anyone who uses a Dell 5100cn or 3100cn can no longer print. No updated drivers from Dell. Anyone have this kind of problem from other manufacturers?[size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
Working on: Waiting on the mailman to bring me a diploma
What's left: Graduation![/size] -
undomiel Member Posts: 2,818At that point I would try the drivers straight from ATI and see if they make a difference. I can't think of anything in particular in SP3 that should interfere with display rotation.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
arwes Member Posts: 633 ■■■□□□□□□□When I tried that I got a message that more or less told me to contact the manufacturer for updated drivers. I think the latest ones Dell had were from 2005.[size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
Working on: Waiting on the mailman to bring me a diploma
What's left: Graduation![/size] -
Paul Boz Member Posts: 2,620 ■■■■■■■■□□I do on-site pen tests and thank god every time I find unpatched boxes. If you have XP service pack 1 metasploit will own you every time. Same goes for 2k installs.
Lack of patch management is negligent. Not just from a virus standpoint, but from a "there are tons of holes in the operating system that need to be patched" standpoint.CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
HeroPsycho Inactive Imported Users Posts: 1,940I do on-site pen tests and thank god every time I find unpatched boxes. If you have XP service pack 1 metasploit will own you every time. Same goes for 2k installs.
Lack of patch management is negligent. Not just from a virus standpoint, but from a "there are tons of holes in the operating system that need to be patched" standpoint.
Fun PowerShell one liner you can run with the Quest AD cmdlets:
get-qadcomputer -OSName "*XP*" | where-object {$_.OSServicePack -notlike "*2"} | select name,OSServicePack
It's obviously adaptable for other OS's and service pack levels.
I ran that where I'm contracting, and seeing numerous XP RTMs still on the network made me cry.Good luck to all!