A Web site that leaked details of Windows XP Service Pack 3 over the weekend claimed that the update includes several new features, including some borrowed from Windows Vista.

According to NeoSmart Technologies, Windows XP SP3 build 3205, which was released to beta testers on Sunday, includes four new features among the 1,000-plus individual hot fixes and patches that have been issued since XP2’s debut three years ago.

Features backported from Vista, said NeoSmart, include Network Access Protection (NAP), an enterprise policy enforcement technology that inspects client PCs before they access a corporate network, then updates the machines if necessary or blocks them if they don’t meet specified security criteria.

Other additions range from a kernel module containing several encryption algorithms that can be accessed by third-party developers, to a new Windows activation model that doesn’t require users to enter a product key.

Microsoft had previously announced SP3 support for NAP, which is part of Windows Vista and will be included in the not-yet-finalized Windows Server 2008.

Windows XP SP3, which Microsoft has said will be released early in 2008, will be one more move by the developer to extend the lifespan of the six-year-old operating system. Last month, for example, Microsoft gave Windows XP a five-month reprieve by pushing back the end of retail sales and sales of XP-powered PCs by large resellers to June 30, 2008.

And last week, Microsoft debuted a new “get-legal” program that lets companies purchase large quantities of Windows XP Professional licenses through their usual resellers.

Microsoft was not immediately available for comment on the leak, or the new features touted by NeoSmart.

Source : PC World

ZDnet reported that MSN Messenger is vulnerable to a critical high webcam flaw that can exploit to cause a heap-based buffer overflow via specially crafted data sent to a user. Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation. Microsoft urged all MSN users to update to Windows Live Messenger 8.1 or later as in the investigation, it shows that this version onwards is not vulnerable to the flaw.

Below is what Microsoft spokesman said

Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue, he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007, the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.