TECH TIPS
Windows Server 2003: Shots are being fired
James Michael Stewart
07.29.2003
Rating: -3.80- (out of 5)
|
There have been several interesting developments in the last week or so in regards to Microsoft and its new flagship product Windows Server 2003. At least two critical vulnerabilities have been discovered. One of these problems is focused on DirectX implementation and the other RPC. Both are serious, and both demand that you respond immediately and apply the patch (MS03-026 and MS03-030). The RPC bug is so serious that several experts claim that a worm exploiting this vulnerability could easily outpace the speed and total number of infects of Code Red by a factor of 10 or more.
Another issue that I find extremely interesting is that a team of Swiss researchers have discovered a means to crack a Windows password in about 13 seconds, surpassing the group's previous record by more than 90 seconds per password. The group discovered or developed a password-cracking scheme that takes advantage of the means by which Windows encrypts and stores passwords. Windows always encrypts using the same encryption scheme and always stores the passwords in the same manner, method and format. This
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
rigidity has led to an inherent vulnerability in the password protection implementation that these researchers have exploited. Unfortunately, without a change to the Windows security accounts storage mechanism, there is no countermeasure or workaround for this new exploit.
One last item of interest: Microsoft has dropped its limitations on liability for customers. In fact, if a customer is sued over the disclosure of intellectual property because of flaws in Microsoft products, Microsoft will pay for all related legal bills. This is a significant change to the liability clause in previous license agreements. Experts doubt this change will result in Microsoft shelling out millions. Especially since even under the previous liability restrictions, not a single customer has been able to show intentional oversight or gross negligence on the part of Microsoft's products.
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
For more on this topic, visit these resources:
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
