The first security update for Windows Server 2003

A recent hotfix might signal that Microsoft's security issues are not behind them.

This week Microsoft released the first hotfix for the Windows Server 2003 family -- MS03-020. This hotfix addresses a security issue with Internet Explorer Versions 5.01, 5.5 and 6.0. The exploitation of the named vulnerability grants the attacker the ability to run code on the victim's computer. Microsoft has assigned a rating of critical to this issue. Thus, while the vulnerability is not focused on the core elements of Windows Server...

2003, it does reveal that Microsoft's new flagship network operating system still has a few kinks.

What I find most interesting about this hotfix is the propaganda around it. Microsoft claims that the presence of a hotfix for Windows Server 2003 is proof that the Trustworthy Computing initiative is working. Well, I guess in a way that is true. But only in the sense that they issued a patch quickly after discovering the problem. I also see this hotfix as a sign that the efforts behind Trustworthy Computing have not been as extensive as we were led to believe. The presence of such a basic flaw in a commonly used tool, namely Internet Explorer, shows that the code review was not as detailed or thorough as it should have been or was claimed to have been.

I'm not saying that Trustworthy Computing is a flop. But I am saying that we as a technical community should not place our hopes for security on Microsoft or on any single vendor; especially if they have a track record of releasing products with problems and spinning the information about those problems to place themselves in a better light.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


For more information, visit these resources:
This was first published in June 2003
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close