Microsoft is warning developers that security-related changes in the next service pack for Windows XP may cause some problems with existing applications.
Service pack 2 introduces a number of changes to Windows XP, including disabling rarely-used features, closing network ports by default and enabling XP’s built-in firewall, running applications and services with reduced privileges, and adding defensive layers. It’s possible these changes could cause some applications to break.
Web applications could also be affected, as Internet Explorer will be configured not to allow pop-up windows and with more restrictive settings for local content. Microsoft says controls and dialogues will also be rewritten in an effort to reduce the chances of users unwittingly installing spyware or other malware on their computers.
Most changes, however, will affect desktop applications. Networking changes include enabling XP’s firewall by default, restricting RPC interfaces, and introducing access controls for DCOM.
Microsoft says software that needs to accept inbound IP connections should ask the user for permission at install time. Use of the RPC and DCOM ports, which have been the target of recent worms, is discouraged, and RPC access will be blocked in the firewall’s default installation.
The company is also planning memory protection features in the service pack, using the execution protection (NX) flag on chips that support it. Microsoft warns that software that generates dynamic code, such as just-in-time (JIT) runtimes, may not work on systems that support NX. The .NET runtime is not affected.
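An added example (not from the article or from Microsoft's technote) of an allocation pattern that keeps dynamically generated code working when execution protection is enforced: write the code into read/write memory, then switch that memory to read/execute before calling it. The names `jit_publish`, `jit_release`, `jit_demo` and `SAMPLE_CODE` are hypothetical, the sample bytes are constructed and x86-only, and the POSIX branch is there so the example also builds outside Windows.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif
/* Constructed sample "JIT output", x86/x86-64 only: mov eax, 42 ; ret */
static const unsigned char SAMPLE_CODE[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

static void jit_release(void *p, size_t len)
{
#ifdef _WIN32
    (void)len; VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, len);
#endif
}

/* Copy generated code into a fresh read/write region, then switch it to
 * read/execute. It is never run from plain heap or stack memory (data under NX). */
static void *jit_publish(const unsigned char *code, size_t len)
{
#ifdef _WIN32
    DWORD old;
    void *p = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!p) return NULL;
    memcpy(p, code, len);
    if (!VirtualProtect(p, len, PAGE_EXECUTE_READ, &old)) { jit_release(p, len); return NULL; }
    FlushInstructionCache(GetCurrentProcess(), p, len);
#else
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, code, len);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) { jit_release(p, len); return NULL; }
#endif
    return p;
}

/* Publish and call the sample; returns its result (42), or -1 on failure. */
int jit_demo(void)
{
    void *p = jit_publish(SAMPLE_CODE, sizeof SAMPLE_CODE);
    if (!p) return -1;
    int result = ((int (*)(void))p)();
    jit_release(p, sizeof SAMPLE_CODE);
    return result;
}
```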
A technote outlining the changes is available on the MSDN website. Microsoft hasn’t announced a release date for service pack 2, which could include other changes that affect existing applications.