Published: August 09, 2004 | Updated: September 15, 2004

By Starr Andersen, Technical Writer; Vincent Abella, Technical Editor

This document is Part 1 of “Changes to Functionality in Windows XP Service Pack 2” and provides an introduction to Microsoft® Windows® XP Service Pack 2 (SP2). You can obtain the other parts of the paper in the Microsoft Download Center, at

This document applies to Microsoft Windows XP Service Pack 2 (SP2) for the 32-bit versions of Windows XP Professional and Windows XP Home Edition. It does not describe all of the changes that are included in the service pack, but instead highlights those changes that will have the most impact on your use of Windows XP SP2 and provide references to additional information.


On This Page

What’s New in This Version
Other Resources and Feedback
Component Sections
Scope of This Document
Overview of Windows XP Service Pack 2 Security Technologies

What’s New in This Version

  • Added new sections: Distributed Transaction Coordinator, Internet Information Services.

  • Revised sections: Windows Firewall, Setup, Resultant Set of Policy, Windows Update, Internet Explorer Feature Control Settings in Group Policy, Internet Explorer URLAction Security Settings in Group Policy, Internet Explorer MIME Handling Enforcement, Internet Explorer Network Protocol Lockdown, Internet Explorer Local Machine Lockdown.

  • For information regarding changes in previous versions, see Appendix A, "Document History.”


In Windows XP Service Pack 2, Microsoft is introducing a set of security technologies that will help to improve the ability of computers running Windows XP to withstand malicious attacks, especially those from viruses and worms. The technologies include these improvements:

  • Network protection

  • Memory protection

  • E-mail handling

  • Web browsing security

  • Computer maintenance

Together, these security technologies will help to make it more difficult to attack Windows XP, even if the latest updates are not applied.

In addition, this service pack also includes updates designed to improve the performance and stability of several Windows features.

Other Resources and Feedback

If you have any other questions that are not answered by this paper, “Windows XP Service Pack 2 Resources for IT Professionals” on TechNet at has links to many other resources regarding Windows XP SP2. This page is updated periodically with the most recent information that is available.

In addition, we appreciate feedback on our documentation and our product. The following resources are available to you for providing feedback:

  • Windows XP Service Pack 2 Newsgroups. Newsgroups are a great place to ask questions of other users and find general information about other user’s experiences with Windows XP SP2. You can examine some of the newsgroups using a Web browser on the Microsoft Web site at

  • Product Support Services. If you are having a problem with your computer after installing Windows XP Service Pack 2, check the product support Web site on first to see if your issue has been identified in the Frequently Asked Questions or by a KB article. If not, you can contact Product Support Services to get help with your issue. To start, see “Windows XP Support Center” on the Microsoft Web site at

  • Microsoft Wish Program. If you have a suggestion about how to improve a feature in Windows that you would like considered for the next service pack or major Windows version, you can contact the Microsoft Wish Program and tell them your idea. To find out how to send a comment or suggestion, see “How to Contact the Microsoft Wish Program” on the Microsoft Knowledge Base at

  • Documentation feedback. If you have any comments or suggestions about Windows XP Service Pack 2 documents, on the Web version of this document, on the Microsoft Web site at, at the bottom of the page, click Comments and tell us what you think. Note that this is only for comments on the documentation, not the product itself.

Component Sections

Part 1: Introduction

Part 2: Network Protection Technologies

Part 3: Memory Protection Technologies

Part 4: E-mail Handling Technologies

Part 5: Web Browsing Security

Part 6: Computer Maintenance

Part 7: Updated features

Part 8: Conclusion and Appendices

Scope of This Document

This document specifically focuses on the changes between earlier versions of Windows XP and Windows XP Service Pack 2 (SP2) and reflects the current thinking of Microsoft about Service Pack 2 and its implications for developers. Examples and details are provided for several of the technologies that are experiencing the biggest changes: such as remote procedure calls (RPC), DCOM, Windows Firewall (previously called Internet Connection Firewall or ICF), and data execution prevention.

Additional information is available to developers on the Microsoft Web site at The goal for Service Pack 2 is to build on the Trustworthy Computing efforts of Microsoft that have previously been applied to Windows Server 2003. For an overview of the Microsoft Trustworthy Computing initiative, see “Trustworthy Computing Defined,” on the Microsoft Web site at

Overview of Windows XP Service Pack 2 Security Technologies

In Windows XP Service Pack 2, Microsoft is delivering several improved security technologies that help protect customers against malware and other risks to their computer. These technologies are not intended to replace periodic security updates as they are released, but rather to help strengthen Windows XP's overall defenses against malicious attacks.

  • Network protection. These security technologies help to provide better protection against network-based attacks, like MSBlaster, through a number of innovations, including enhancements to Windows Firewall and a reduced RPC attack surface. These enhancements include turning on Windows Firewall in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy. The attack surface of the Remote Procedure Call (RPC) service is reduced, and you can run RPC objects with reduced credentials. The DCOM infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.

  • Memory protection. Some attacks by malicious software leverage software security vulnerabilities that allow too much data to be copied into areas of the computer’s memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components have been recompiled with the most recent version of our compiler technology, which provides added protection against buffer overruns. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced data execution prevention (DEP) on microprocessors that contain the feature. Data execution prevention uses the CPU to mark all memory locations in an application as non-executable, unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory marked for data only, an application or Windows component will not run it.

  • E-mail handling. Security technologies help to stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that have enhanced security, improved attachment control using the Attachment Execution Service (AES) API. This results in security and reliability enhancements for communications applications such as Microsoft Outlook, Outlook Express and Windows Messenger. As a result, potentially unsafe attachments that are sent through e-mail and instant messages are isolated so that they are less likely to affect other parts of the system.

  • Browsing security. Security technologies that are delivered in Microsoft Internet Explorer provide improved protection against malicious content on the Web. One enhancement includes locking down the Local Machine zone to help prevent the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX® controls and spyware from running on customers’ systems without their knowledge and consent.

  • Computer maintenance. A very important part of any security plan is keeping computers updated with the latest software and security updates and understanding the role they play in protecting your computer. Ensuring that you have current knowledge of security attacks and trends is also important. For example, some software updates that mitigated known viruses and worms were available days or weeks before any significant attacks began. New technologies are being added to help the end user stay up-to-date. These technologies include Security Center, which provides a central location for information about the security of your computer, and Windows Installer, which provides more security options for software installation.

Microsoft understands that security technologies are only one aspect of a sound defense-in-depth security strategy. The security technologies outlined here are the next steps being taken in the Trustworthy Computing initiative to make customers’ systems more resilient to malicious attacks.