Windows 2000 SP2, IIS Security Patch Issued
Microsoft this week issued the second service pack for Windows 2000. SP2 includes a slew of fixes for the operating system itself, networking and directory services.
Microsoft this week issued the second service pack for Windows 2000. SP2 includes a slew of fixes for the operating system itself, networking and directory services. But in issuing this new release, Microsoft highlights two encryption updates. The first is automatic upgrade of Windows 2000 servers to 128-bit encryption upon installation of the service pack; the encryption can not be removed through deinstallation. SP2 also has high encryption support for Windows 2000 encryption-based services, including Kerberos, Encrypting file System, CryptoAPI, and IPSec. Microsoft says that this service pack is not required.
Following the release of Win2K SP2, ENTmag.com reports that Microsoft released an IIS security patch to fix code execution, denial of service, and information disclosure vulnerabilities that have been plaguing companies using IIS 4.0 and IIS 5.0. These security patches will be added to Windows 2000 Service Pack 3.
To download Windows 2000 Service Pack 2, go to http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.asp.
To read about the IIS security patch, go to ENTmag.com, http://www.entmag.com/breaknews.asp?ID=4514.