Windows Server 2003: Shots are being fired

There have been several interesting developments in the last week or so regarding Microsoft and its new flagship product, Windows Server 2003. At least two critical vulnerabilities have been discovered. One of these problems is in the DirectX implementation and the other is in RPC. Both are serious, and both demand that you respond immediately and apply the patches (MS03-026 and MS03-030). The RPC bug is so serious that several experts claim that a worm exploiting this vulnerability could easily outpace the speed and total number of infections of Code Red by a factor of 10 or more.

Another issue that I find extremely interesting is that a team of Swiss researchers has discovered a means to crack a Windows password in about 13 seconds, surpassing the group's previous record by more than 90 seconds per password. The group discovered or developed a password-cracking scheme that takes advantage of the way Windows encrypts and stores passwords. Windows always encrypts using the same encryption scheme and always stores the passwords in the same manner, method and format. This rigidity has led to an inherent vulnerability in the password protection implementation, which these researchers have exploited. Unfortunately, without a change to the Windows security accounts storage mechanism, there is no countermeasure or workaround for this new exploit.

One last item of interest: Microsoft has dropped its limitations on liability for customers. In fact, if a customer is sued over the disclosure of intellectual property because of flaws in Microsoft products, Microsoft will pay for all related legal bills. This is a significant change to the liability clause in previous license agreements. Experts doubt this change will result in Microsoft shelling out millions, especially since, even under the previous liability restrictions, not a single customer has been able to show intentional oversight or gross negligence on the part of Microsoft's products.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


This was first published in July 2003
