[ISN] Windows 2000 security fixes released

From: InfoSec News (isnat_private)
Date: Thu Jan 31 2002 - 02:10:42 PST

  • Next message: InfoSec News: "[ISN] FBI Raid Silences Teen Anarchist's Site"

    http://news.com.com/2100-1001-826495.html
    
    By Joe Wilcox 
    Staff Writer, CNET News.com
    January 30, 2002, 2:40 PM PT
    
    Microsoft on Wednesday issued an important collection of security
    fixes for Windows 2000.
    
    The release of the 17MB downloadable Windows 2000 Security Rollup
    Package (SRP1) comes as Microsoft steps up its emphasis on security.  
    In an e-mail to Microsoft's 47,000 employees earlier this month,
    Chairman Bill Gates called for putting security ahead of adding new
    features to products.
    
    Among the fixes: several denial-of-service and buffer-overflow
    patches, telnet and file-transfer protocol tweaks and
    authentication-error repairs, among others.
    
    SRP1 is a cumulative collection of security fixes released since
    Microsoft issued Windows 2000 Service Pack 2 in May. Service packs are
    collections of fixes and enhancements periodically released for
    Windows. Service Pack 3 for Windows 2000 is currently in beta testing.
    
    Given the increased emphasis on security, and the amount of time since
    the last service, the release of the security fixes is appropriate,
    say analysts.
    
    "I think it's good, but how well it's accepted depends on how much the
    word gets out," Technology Business Research analyst Bob Sutherland
    said.
    
    In October, Microsoft unveiled the Strategic Technology Protection
    program, for the purpose of getting out consolidated security fixes to
    its customers. At the same time, the company said that with the
    release of Service Pack 3, it would significantly beef up Windows
    2000's security features and the OS's capability to receive new
    updates.
    
    The newer Windows XP, by contrast, already has built-in plumbing that
    lets the system quickly receive security and bug fixes. With the new
    OS, officially launched Oct. 25, Microsoft made the Windows Update
    feature more automatic. With older Windows versions, including 2000,
    people had to go out to a Web site to retrieve enhancements or fixes.  
    With XP, updates can be retrieved automatically and installed when the
    user is ready.
    
    Microsoft's ability to quickly deliver timely security fixes or
    updates for Windows 2000 could be crucial for thousands of businesses
    deploying the operating system. While XP is gaining ground with
    consumers, businesses are holding to their Windows 2000 adoption
    plans. Gartner estimates that only about 16 percent of PCs sold to
    businesses this year will have XP; more than 40 percent are expected
    to pack Windows 2000.
    
    Still, Microsoft faces a host of challenges as it tries to knuckle
    down on security. The company has been besieged with a host of recent
    glitches affecting Excel and PowerPoint, secure digital content,
    Windows XP and Internet Explorer, among other products.
    
    But security experts and analysts praised Microsoft's newfound
    emphasis on security.
    
    "Microsoft's announcement they're all about security is definitely
    reflective of the final acknowledgement they have serious problems
    both internally and externally," Sutherland said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 06:05:42 PST