Microsoft Releases Major Windows Server 2003 Update

The first service pack for the server software includes numerous security fixes, as well as application updates to Internet Explorer and Outlook Express -- all meant to "reduce customer pain

March 31, 2005

Network Computing logo

Microsoft released the full first service pack for Windows Server 2003 late Wednesday, emphasizing the server software update's security features and touting improvements in overall performance and reliability of as much as 50 percent, depending on overall workload. The update's main objective, says the company, is to "reduce customer pain centered on server security."

Windows Server 2003 Service Pack 1 is available for immediate download and was released to manufacturing on Wednesday, according to a company statement; the release is also available via the automatic Windows Update feature. Microsoft is offering differentiated versions for updating multiple servers and for Itanium-based servers; the company recommends using Windows Update to handle installation on single servers.

Also, the 64-bit versions of Windows Server 2003 and Windows XP Professional Edition were released to manufacturing, and end users can expect to see those first through Microsoft OEMs in late April, at around the same time that Microsoft unveils details of the 64-bit version of Windows Server 2003 at the WinHEC conference, the company said.

The SP1 release is primarily based around long-awaited security improvements that let system administrators lock down ports more easily, identify potential malicious users, and cut inbound connections while applying patches, among other capabilities. Also included as part of the software is the Windows Firewall version that first shipped with the SP2 update to Windows XP.

"With Windows Server 2003 Service Pack 1, our development team took the time to treat the root cause of many security issues, not just the symptoms. This service pack is very significant and should help address certain classes of exploits," said Bob Muglia, senior vice president of the Windows Server Division at Microsoft, in a statement.

An interesting set of fixes in Windows Server 2003 SP1 targets end-user programs. The release includes updates to Internet Explorer that guard against automatic window resizing spoofs and malicious code, as well as an Outlook Express fix that lets users choose to render HTML e-mail as plain text and limit downloading of external HTML content, which can forestall user identification and executable schemes against mail recipients. Administrators can also choose lockdown features for IE from the server management console, according to Microsoft documents.

Among other key features in the SP1 release are:

  • A Security Configuration Wizard that lets server administrators assess specific server roles and cut out ports and services not needed for a given server to perform.

  • Post-Setup Security Updates (PSSU), Microsoft's new system for temporarily disabling connections to servers while the automatic Windows Update feature sends patches and security updates for installation.

  • Stiffened authentication procedures for remote procedure call (RPC) and Distributed Component Object Model (DCOM) services, whose basic essence -- allowing remote calls to or launching of programs across a network to another machine -- has made them the frequent target of malicious hackers using such exploits as the MS Blaster worm.

  • Support for "no execute" hardware from companies such as Intel and Advanced Micro Devices that prevents, at the processor level, malicious code from launching attacks from areas of computer memory that should have no code running in them.

  • And a system known as Network Access Quarantine Control that lets administrators identify out-of-date virtual private network accounts and assets.

Also included is a metabase auditing system for Internet Information Services, Windows Server 2003's built-in Web server, that lets administrators target potential incursions should the system's XML-based, hierarchical store of configuration information become corrupted.

Microsoft put the SP1 release through extensive testing with a wide range of server-based applications, according to the company's release, and Muglia urged administrators to install the update immediately. "Service Pack 1 is a major component of our overall strategy to help keep customers as secure as possible," Muglia said. "I encourage all of our Windows Server 2003 customers to deploy Service Pack 1."

However, it is likely that many Windows Server administrators -- particularly those who didn't experiment with any of the update's public release candidates -- will wait to test the server package against custom-built applications, as well as to assess bug reports from the Windows server community.
