News

Security Patch Leads to W2K Instability

Microsoft Corp. issued a stern self-admonishment over the weekend for a botched security patch that contained errors leading to Windows 2000 system instabilities.

The tone reflects Microsoft's awareness of the tense and critical atmosphere among customers and analysts about the software company's security practices.

"Microsoft deeply apologizes for any problems this has caused. We assure you that a thorough investigation is being conducted into the cause of this problem and aggressive steps are being taken to prevent it from happening again," the company wrote in a security bulletin sent out Friday to explain the problems with the patch that was posted the previous day.

The original patch for Microsoft Security Bulletin MS01-52, released Oct. 18, addressed a vulnerability that left Windows NT 4.0 and Windows 2000 systems open to a denial of service attack.

Embarrassingly enough for Microsoft, the patch was an early example of the company's new security bulletin system, which now ranks the severity of vulnerabilities. It merited a low risk ranking over the Internet and represented a "moderate risk" for intranets.

An attacker could exploit the vulnerability by sending malformed data to a port used by the multi-user terminal services component of the Windows server operating systems. (See related story about the bulletin).

The Windows NT 4.0 patch had no errors and was reposted to the download site, according to the second bulletin on Friday. Microsoft reported that teams worked around the clock to rebuild the Windows 2000 patch, which was reposted Monday.

Heavy criticism has been leveled against Microsoft's security system in recent months as a series of destructive worms have taken down Microsoft servers worldwide.

A recent bulletin from the analyst firm Gartner encouraged enterprises to consider replacing Microsoft's Web server, IIS, with competitive products such as Sun-Netscape's iPlanet or the open-source Apache due to the Microsoft platform's chronic security problems.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • AI, IoT and Machine Learning To Challenge Traditional Networking

    The next phase of networking will depend on IT learning to wrangle modern technologies in ways that simplify operations and help humans make decisions, according to a new report by Cisco.

  • Coming in 2020: .NET 5, The Next Phase of Microsoft's .NET Framework

    .NET 5 (no "Core" and no "Framework") will mark the transition from the aging, proprietary, Windows-only .NET Framework to a modern, open source, cross-platform .NET.

  • What Computing Will Look Like in 2030: Top 5 Tech Predictions for the Next Decade

    For better or worse, the next 10 years will bring more intelligent devices to more areas of our daily lives. From the proliferation of AI to what that means for user privacy, here are Brien's tech predictions for 2020 and beyond.

  • Azure Arc: A Deeper Look at Microsoft's Multicloud Play

    Arguably one of Microsoft's biggest announcements this year was the introduction of Azure Arc at Ignite. But is this really a game-changer or is Microsoft just falling for the multicloud buzz?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.