Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Ships Windows Server 2003 SP1 Release Candidate

Microsoft on Monday debuted an almost-finished version of the first service pack for its Windows Server 2003 software, and like October's SP2 for the desktop Windows XP OS, stressed security in the update.

"This is more than the typical service pack," said Michael Cherry, an analyst with Directions on Microsoft, a Redmond, Wash.-based research group that specializes in tracking Microsoft's moves. "It has changes, some new features, not just a roll-up of previously-released security patches."

In that regard, Cherry said, the release candidate of Windows Server 2003 Service Pack 1 (SP1) is very much like the security-conscious Windows XP Service Pack 2 (SP2).

"SP1 includes those changes to XP SP2 that makes sense on the server side," Cherry said, including Data Execution Prevention (DEP), which is what was once called "no execute" or NX. DEP reduces the chance of an attack causing a buffer overflow, a now-common tactic by hackers to gain control of systems.

Other changes in Windows Server 2003 SP1 that resemble Windows XP SP2 range from revamped security on the vulnerable DCOM and RPC protocols (which were exploited by 2003's MSBlast worm) to a more secure Internet Explorer. SP1 also automatically blocks all incoming network traffic to a new server until the latest patches are downloaded and installed, a technique used to ensure that fast-acting network-attacking worms can't infiltrate an exposed server.

  • 1