Less than two months after launching its Windows Server 2003 operating system, Microsoft has released a security patch to fix a vulnerability that could let malicious sites run damaging code on the server. Although security experts--even those at Microsoft itself--had pointed to the company's latest server OS as the first test of the software giant's massive Trustworthy Computing initiative, representatives maintained that the patch did not mean the release had been a failure in its security practices.
"It actually highlights positive progress in Trustworthy Computing," said Microsoft's U.K. security chief, Stuart Okin, explaining that Server 2003 is significantly hardened in comparison to previous versions of Windows.
The vulnerability has less effect on Server 2003 because it relies on services that are switched off by default in that version of Windows, explained Okin. Earlier versions of Windows have services switched on by default, which can be used to form part of an attack. The company has already issued tools to lock down previous versions of Windows, but these are not universally applied.
View: The full story
News source: c|net