Almost two weeks ago, Microsoft posted the final release of Windows Vista SP2 to its private servers. The only users able to download the service pack are Microsoft Connect subscribers (members of the closed beta program) and Technet and MSDN subscribers (paid account holders–accounts start in the $2500-range). The company has not released word on when the Vista SP2 release will be made available to all other users, but some reports indicate that the security and feature enhancement pack may not debut until June.
The gap between the private and public releases begs a nagging question: why is Microsoft withholding a significant update, which includes security enhancements relevant to all, in addition to functionality enhancements, from general users?
Not only does this delay keep the vast majority of systems vulnerable to exploits and deprive users of useful new features and performance enhancements, it also creates the potential for worse security exploits when the update is publicly released. Those with malicious intent will have likely already gained access to the final release, and found new methods of working around its more stringent security standards before users have even had a chance to update.
As written by “Colonel Michael,” a poster to Microsoft’s TechNet forums:
“It has been going on 2 weeks already since its release, and news articles are stating the probability that you will not release it to the public until June. The “leaked” product is already in the hands of those with malicious intent. By the time it reaches the large masses, the hacked computers, the zombie computers, will have already been updated with the “zombie fixes”. So when SP2 does get installed, the zombie masters will still maintain control of the computers”