
Windows Server 2003: Shots are being fired

Some recent security vulnerabilities were discovered in MS's newest Windows OS.

There have been several interesting developments in the last week or so with regard to Microsoft and its new flagship product, Windows Server 2003. At least two critical vulnerabilities have been discovered. One of these problems is in the DirectX implementation and the other is in RPC. Both are serious, and both demand that you respond immediately and apply the patches (MS03-026 and MS03-030). The RPC bug is so serious that several experts claim that a worm exploiting this vulnerability could easily outpace the speed and total number of infections of Code Red by a factor of 10 or more.

Another issue that I find extremely interesting is that a team of Swiss researchers has discovered a means to crack a Windows password in about 13 seconds, surpassing the group's previous record by more than 90 seconds per password. The group discovered or developed a password-cracking scheme that takes advantage of the means by which Windows encrypts and stores passwords. Windows always encrypts using the same encryption scheme and always stores the passwords in the same manner, method and format. This rigidity has led to an inherent vulnerability in the password protection implementation that these researchers have exploited. Unfortunately, without a change to the Windows security accounts storage mechanism, there is no countermeasure or workaround for this new exploit.
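The sketch below is an added illustration, not the researchers' method and not Windows code. It shows why a fixed storage scheme is reusable work for an attacker and what a storage change would alter. SHA-256 stands in for the fixed scheme, and a per-account salt with PBKDF2 is an assumed form of "change to the storage mechanism"; the account names, passwords and guess list are constructed.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: two accounts deliberately share a password.
ACCOUNTS = {"alice": "Summer2003", "bob": "Summer2003", "carol": "x9!Lq#72v"}
CANDIDATES = ["password", "letmein", "Summer2003"]  # constructed guess list

def fixed_hash(password):
    """Stand-in for a fixed scheme: no salt, so equal passwords store equal values."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def salted_hash(password, salt):
    """Assumed alternative: per-account random salt fed into a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-16-le"), salt, 50_000)

def store_fixed(accounts):
    return {user: fixed_hash(pw) for user, pw in accounts.items()}

def store_salted(accounts):
    out = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)  # unique per account, stored beside the hash
        out[user] = (salt, salted_hash(pw, salt))
    return out

def precompute(candidates):
    """Built once, then valid against every system using the fixed scheme."""
    return {fixed_hash(pw): pw for pw in candidates}

def recovered(stored_values, table):
    """Accounts whose stored value appears in the precomputed table."""
    return {u: table[v] for u, v in stored_values.items() if v in table}

def shared_values(stored_values):
    """Groups of accounts with identical stored values (visible password reuse)."""
    groups = defaultdict(list)
    for user, value in stored_values.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def compare():
    table = precompute(CANDIDATES)
    fixed = store_fixed(ACCOUNTS)
    salted = {u: h for u, (_salt, h) in store_salted(ACCOUNTS).items()}
    return {
        "fixed": (recovered(fixed, table), shared_values(fixed)),
        "salted": (recovered(salted, table), shared_values(salted)),
    }

if __name__ == "__main__":
    print(compare())
```

With the fixed scheme the same table answers for both accounts that share a password; with per-account salts the table matches nothing and the reuse is no longer visible in the stored values.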

One last item of interest: Microsoft has dropped its limitations on liability for customers. In fact, if a customer is sued over the disclosure of intellectual property because of flaws in Microsoft products, Microsoft will pay for all related legal bills. This is a significant change to the liability clause in previous license agreements. Experts doubt this change will result in Microsoft shelling out millions, especially since, even under the previous liability restrictions, not a single customer has been able to show intentional oversight or gross negligence on the part of Microsoft's products.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was last published in July 2003
