The first security update for Windows Server 2003

This week Microsoft released the first hotfix for the Windows Server 2003 family -- MS03-020. This hotfix addresses a security issue with Internet Explorer Versions 5.01, 5.5 and 6.0. The

    Requires Free Membership to View

    Login

exploitation of the named vulnerability grants the attacker the ability to run code on the victim's computer. Microsoft has assigned a rating of critical to this issue. Thus, while the vulnerability is not focused on the core elements of Windows Server 2003, it does reveal that Microsoft's new flagship network operating system still has a few kinks.

What I find most interesting about this hotfix is the propaganda around it. Microsoft claims that the presence of a hotfix for Windows Server 2003 is proof that the Trustworthy Computing initiative is working. Well, I guess in a way that is true. But only in the sense that they issued a patch quickly after discovering the problem. I also see this hotfix as a sign that the efforts behind Trustworthy Computing have not been as extensive as we were led to believe. The presence of such a basic flaw in a commonly used tool, namely Internet Explorer, shows that the code review was not as detailed or thorough as it should have been or was claimed to have been.

I'm not saying that Trustworthy Computing is a flop. But I am saying that we as a technical community should not place our hopes for security on Microsoft or on any single vendor; especially if they have a track record of releasing products with problems and spinning the information about those problems to place themselves in a better light.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

For more information, visit these resources:

This was first published in June 2003

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top