Microsoft Releases Major Windows Server 2003 Update

The first service pack for the server software includes numerous security fixes, as well as application updates to Internet Explorer and Outlook Express -- all meant to "reduce customer pain

March 31, 2005

3 Min Read
Network Computing logo

Microsoft released the full first service pack for Windows Server 2003 late Wednesday, emphasizing the server software update's security features and touting improvements in overall performance and reliability of as much as 50 percent, depending on overall workload. The update's main objective, says the company, is to "reduce customer pain centered on server security."

Windows Server 2003 Service Pack 1 is available for immediate download and was released to manufacturing on Wednesday, according to a company statement; the release is also available via the automatic Windows Update feature. Microsoft is offering differentiated versions for updating multiple servers and for Itanium-based servers; the company recommends using Windows Update to handle installation on single servers.

Also, the 64-bit versions of Windows Server 2003 and Windows XP Professional Edition were released to manufacturing, and end users can expect to see those first through Microsoft OEMs in late April, at around the same time that Microsoft unveils details of the 64-bit version of Windows Server 2003 at the WinHEC conference, the company said.

The SP1 release is primarily based around long-awaited security improvements that let system administrators lock down ports more easily, identify potential malicious users, and cut inbound connections while applying patches, among other capabilities. Also included as part of the software is the Windows Firewall version that first shipped with the SP2 update to Windows XP.

"With Windows Server 2003 Service Pack 1, our development team took the time to treat the root cause of many security issues, not just the symptoms. This service pack is very significant and should help address certain classes of exploits," said Bob Muglia, senior vice president of the Windows Server Division at Microsoft, in a statement.An interesting set of fixes in Windows Server 2003 SP1 targets end-user programs. The release includes updates to Internet Explorer that guard against automatic window resizing spoofs and malicious code, as well as an Outlook Express fix that lets users choose to render HTML e-mail as plain text and limit downloading of external HTML content, which can forestall user identification and executable schemes against mail recipients. Administrators can also choose lockdown features for IE from the server management console, according to Microsoft documents.

Among other key features in the SP1 release are:

  • A Security Configuration Wizard that lets server administrators assess specific server roles and cut out ports and services not needed for a given server to perform.

  • Post-Setup Security Updates (PSSU), Microsoft's new system for temporarily disabling connections to servers while the automatic Windows Update feature sends patches and security updates for installation.

  • Stiffened authentication procedures for remote procedure call (RPC) and Distributed Component Object Model (DCOM) services, whose basic essence -- allowing remote calls to or launching of programs across a network to another machine -- have made them the frequent target of malicious hackers using such exploits as the MS Blaster worm.

  • Support for "no execute" hardware from companies such as Intel and Advanced Micro Devices that prevents, at the processor level, malicious code from launching attacks from areas of computer memory that should have no code running in it.

  • And a system known as Network Access Quarantine Control that lets administrators identify out-of-date virtual private network accounts and assets.

Also included is a metabase auditing system for Internet Information Services, Windows Server 2003's built-in Web server, that lets administrators target potential incursions should the system's XML-based, hierarchical store of configuration information become corrupted.

Microsoft put the SP1 release through extensive testing with a wide range of server-based applications, according to the company's release, and Muglia urged administrators to install the update immediately. "Service Pack 1 is a major component of our overall strategy to help keep customers as secure as possible," Muglia said. "I encourage all of our Windows Server 2003 customers to deploy Service Pack 1."

However, it is likely that many Windows Server administrators -- particularly those who didn't experiment with any of the update's public release candidates -- will wait to test the server package against custom-built applications, as well as to assess bug reports from the Windows server community.0

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights