Microsoft has confirmed a vulnerability in the USB 2.0 driver of Windows XP Service Pack 2, which could cause laptops to consume more power than expected when using peripheral devices.
The flaw was discovered two weeks ago by an independent security expert. The vulnerability has been confirmed to affect Intel laptops running Windows XP Service Pack 2. Details related to this vulnerability have now been released. Intel denies that its chips and chipsets are related to this flaw, while Microsoft has acknowledged its responsibility in this matter.
In fact, Microsoft had previously issued a notification about this issue (Knowledge Base) back in July 2005; however, the notification was limited to PC manufacturers and partners, excluding general computer users. In this Knowledge Base article, Microsoft outlined several issues related to USB 2.0 that may prevent mobile processors from fully utilizing power-saving technology.
Security experts have also confirmed that the USB 2.0 vulnerability affects the Core Duo – Intel’s latest mobile processor that offers even greater energy efficiency than previous Pentium M versions. Tests have shown that the flaw impacts various Intel laptop models; however, there has been no confirmation regarding its effect on laptops equipped with AMD Turion or Athlon 64 chips.
Additionally, in the Knowledge Base, Microsoft proposed a possible solution, which involves modifying the USB 2.0 registry key. However, Microsoft later realized that the issue was more serious than initially thought and has since developed a separate patch (currently in progress).
According to an Intel representative, the severity of the issue depends on how USB 2.0 is handled in laptops. USB 2.0 relates to numerous components, including the operating system, central processor, chipset, and software… Intel is also working on a patch for this vulnerability.
Users of affected laptops are advised to contact their manufacturers for assistance. Some laptop manufacturers have implemented registry key modifications as per Microsoft’s notification; however, the effectiveness of these modifications may vary.
VH
