This week Microsoft released the first hotfix for the Windows Server 2003 family -- MS03-020. This hotfix addresses a security issue with Internet Explorer Versions 5.01, 5.5 and 6.0. The
What I find most interesting about this hotfix is the propaganda around it. Microsoft claims that the presence of a hotfix for Windows Server 2003 is proof that the Trustworthy Computing initiative is working. Well, I guess in a way that is true. But only in the sense that they issued a patch quickly after discovering the problem. I also see this hotfix as a sign that the efforts behind Trustworthy Computing have not been as extensive as we were led to believe. The presence of such a basic flaw in a commonly used tool, namely Internet Explorer, shows that the code review was not as detailed or thorough as it should have been or was claimed to have been.
I'm not saying that Trustworthy Computing is a flop. But I am saying that we as a technical community should not place our hopes for security on Microsoft or on any single vendor; especially if they have a track record of releasing products with problems and spinning the information about those problems to place themselves in a better light.
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
For more information, visit these resources:
- News & Analysis: State of the overhaul -- Microsoft updates patch progress
- News & Analysis: Windows Server 2003 gets first patch
- Web Security Tip: Web security benefits from Windows Server 2003
This was first published in June 2003