The first security update for Windows Server 2003

The first security update for Windows Server 2003

This week Microsoft released the first hotfix for the Windows Server 2003 family -- MS03-020. This hotfix addresses a security issue with Internet Explorer Versions 5.01, 5.5 and 6.0. The

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

exploitation of the named vulnerability grants the attacker the ability to run code on the victim's computer. Microsoft has assigned a rating of critical to this issue. Thus, while the vulnerability is not focused on the core elements of Windows Server 2003, it does reveal that Microsoft's new flagship network operating system still has a few kinks.

What I find most interesting about this hotfix is the propaganda around it. Microsoft claims that the presence of a hotfix for Windows Server 2003 is proof that the Trustworthy Computing initiative is working. Well, I guess in a way that is true. But only in the sense that they issued a patch quickly after discovering the problem. I also see this hotfix as a sign that the efforts behind Trustworthy Computing have not been as extensive as we were led to believe. The presence of such a basic flaw in a commonly used tool, namely Internet Explorer, shows that the code review was not as detailed or thorough as it should have been or was claimed to have been.

I'm not saying that Trustworthy Computing is a flop. But I am saying that we as a technical community should not place our hopes for security on Microsoft or on any single vendor; especially if they have a track record of releasing products with problems and spinning the information about those problems to place themselves in a better light.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

For more information, visit these resources:

This was first published in June 2003

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top