[ISN] Microsoft: Unauthorized Windows XP SP3 'Preview' Bad News

[InfoSec News]

http://www.informationweek.com/story/showArticle.jhtml?articleID=172301710

By Gregg Keizer 
TechWeb News 
Oct. 17, 2005 

Microsoft warned users to stay away from an unauthorized "preview" of
Windows XP Service Pack 3, just as the site which hosts the collection
updated the package to version 3.

"Anyone who installs this thinking they are getting SP3 (even as a
preview) is being grossly mislead and is posing a significant
potentially non-recoverable risk to their PC and data," wrote Mike
Brannigan, who identified himself on a Microsoft newsgroup as an
employee of the Redmond, Wash.-based developer.

Microsoft has not released an SP3 update to Windows XP, although it
recently confirmed it would do so sometime after Windows Vista
launches late in 2006.

"Frankly this 'package' should be avoid [sic] and you should continue
to use Windows Update and the download site to get the most up-to-date
and correctly issued Microsoft fixes and patches," he added.

The preview -- dubbed Windows XP SP3 Preview Pack -- is a collection
of hotfixes and other updates that Microsoft has released since the
debut of SP2 more than a year ago. The pack, which was updated to
version 3 on Monday, can be downloaded from the Hotfix.net Web site.

Brannigan dismissed the preview, saying that it also included a number
of private hotfixes generated for users with very specific problems.  
"The hotfixes are not as rigorously tested at public released ones,"  
he wrote. Installing all the 'privates' may make your machine LESS
stable and will also put you out of support from Microsoft or an OEM
as you are installing incorrectly issued private hotfixes."

For his part, Ethan Allen, the creator and administrator of
Hotfix.net, defended the 'preview' in a posting on his site. "This is
NOT an official SP3 package from Microsoft, but rather just a
collection of hotfixes that will most likely be in SP3 releasing in
2006. Use at your own risk."