[SECURITY-L] Windows 2000 security fixes released

[Daniela Regina Barbetti]

----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----

From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] Windows 2000 security fixes released
To: seguranca em pangeia.com.br
Date: Fri, 1 Feb 2002 00:23:36 -0200


[http://news.com.com/2100-1001-826495.html]

By Joe Wilcox 
Staff Writer, CNET News.com
January 30, 2002, 2:40 PM PT

Microsoft on Wednesday issued an important collection of security
fixes for Windows 2000.

The release of the 17MB downloadable Windows 2000 Security Rollup
Package (SRP1) comes as Microsoft steps up its emphasis on security.  
In an e-mail to Microsoft's 47,000 employees earlier this month,
Chairman Bill Gates called for putting security ahead of adding new
features to products.

Among the fixes: several denial-of-service and buffer-overflow
patches, telnet and file-transfer protocol tweaks and
authentication-error repairs, among others.

SRP1 is a cumulative collection of security fixes released since
Microsoft issued Windows 2000 Service Pack 2 in May. Service packs are
collections of fixes and enhancements periodically released for
Windows. Service Pack 3 for Windows 2000 is currently in beta testing.

Given the increased emphasis on security, and the amount of time since
the last service, the release of the security fixes is appropriate,
say analysts.

"I think it's good, but how well it's accepted depends on how much the
word gets out," Technology Business Research analyst Bob Sutherland
said.

In October, Microsoft unveiled the Strategic Technology Protection
program, for the purpose of getting out consolidated security fixes to
its customers. At the same time, the company said that with the
release of Service Pack 3, it would significantly beef up Windows
2000's security features and the OS's capability to receive new
updates.

The newer Windows XP, by contrast, already has built-in plumbing that
lets the system quickly receive security and bug fixes. With the new
OS, officially launched Oct. 25, Microsoft made the Windows Update
feature more automatic. With older Windows versions, including 2000,
people had to go out to a Web site to retrieve enhancements or fixes.  
With XP, updates can be retrieved automatically and installed when the
user is ready.

Microsoft's ability to quickly deliver timely security fixes or
updates for Windows 2000 could be crucial for thousands of businesses
deploying the operating system. While XP is gaining ground with
consumers, businesses are holding to their Windows 2000 adoption
plans. Gartner estimates that only about 16 percent of PCs sold to
businesses this year will have XP; more than 40 percent are expected
to pack Windows 2000.

Still, Microsoft faces a host of challenges as it tries to knuckle
down on security. The company has been besieged with a host of recent
glitches affecting Excel and PowerPoint, secure digital content,
Windows XP and Internet Explorer, among other products.

But security experts and analysts praised Microsoft's newfound
emphasis on security.

"Microsoft's announcement they're all about security is definitely
reflective of the final acknowledgement they have serious problems
both internally and externally," Sutherland said.




----- End forwarded message -----