Microsoft claims SP1 will cure server security ills
Microsoft claims SP1 will cure server security ills
Microsoft has introduced its first Service Pack for its Windows Server 2003 (SP1), claiming that it provides customers with significant security enhancements as well as reliability and performance improvements.
The company says that SP1 builds on earlier security updates by addressing additional core security issues, by providing a reduced attack surface, better protected system services with stronger default settings, and reduced privileges.
"With Windows Server 2003 Service Pack 1, our development team took the time to treat the root cause of many security issues, not just the symptoms. This service pack is very significant and should help address certain classes of exploits," said Bob Muglia, senior vice president of the Windows Server Division at Microsoft.
Muglia added that SP1 is a major component of Microsoft's overall security strategy, and as such, the company wants to encourage all of its Windows Server 2003 customers to deploy it.
"We consistently find that customers look forward to a first service pack after a product release to bolster the security of the Windows environment," said Al Gillen, research director for system software at IDC. "In the case of Windows Server 2003 SP1, Microsoft has brought forward not just the normal collection of updates, but several tools that promote more-secure network configuration and a streamlined way to administer the latest security releases."
The new functionality in SP1 includes a Security Configuration Wizard, which reduces the attack surface by gathering information about specific server roles, then automatically blocking all services and ports not needed to perform those roles.
It also includes a Windows Firewall, giving customers network-wide control through Group Policy and serving as a host (software) firewall around each client and server computer on a customer's network.
Finally, the PSSU (Post-Setup Security Updates) in SP1 addresses the vulnerable period between between the installation of servers and application of the latest security updates. SP1 blocks all inbound connections to the server after installation until Windows Update has delivered the latest security updates to the new computer.
Related Article:
Microsoft tempers Exchange letdown with anti-spyware beta release