Reports are suggesting that support for revamped memory protection in Win XP SP2 will fail to block a common type of security attack, and Microsoft does not that like at all. They are downplaying the significance of such claims, despite Alexander Anisimov of Russian security firm Positive Technologies last week publishing a paper that shows how the data execution protection (DEP) and heap overflow protection features that were so boasted about in SP2 can be defeated.
Positive Technologies said it discovered the problem in October 2004, notified Microsoft in December and went public last week. In a statement, Microsoft said that "early analysis" indicates that attempts to bypass its newly-introduced memory protection technology are "not a security vulnerability". It said it never claimed the technology was foolproof.
This technology is in fact only limited to a small number of processors, such as AMD K8, Intel Itanium and some Xeon processors, and may in fact not even work properly at all. Nevertheless, this should not stop you from installing SP2 without delay.