Microsoft Creates Security Bulletin Rating System
Microsoft has launched a new security bulletin rating system, which it said will give organizations information and advice to help them decide whether or not they need to apply software patches.
Prior to this, Microsoft by default advised IT organizations to install most of the patch updates it announced, regardless of whether or not an organization was actually affected by the vulnerabilities being repaired. This has resulted in confusion and frustration among IT managers, who had to choose from 60 security-related software patches in 1999 and 100 in 2000. So far in 2001, Microsoft has released 52 security-related software updates.
"They will usually tell you to apply a patch in any case, whether or not it would in fact have any effect on you, so that they can say, 'We told you to install this,' if anything happens," commented Bill Tillson, a Windows NT systems management business manager with Primus mainframe solutions, just after the first round of the Code Red attack in July. "I am very sorry, but sometimes the result [of this approach] is to make you doubt the importance of patches [in general]."
Microsoft's security bulletin rating system is intended to assess the seriousness of potential vulnerabilities according to whether the affected system is a Windows NT 4.0 or Windows 2000 server, either exposed directly to the Internet or located behind a firewall or on an intranet, or a client system (Windows NT 4.0, Windows 2000 Professional, Windows XP), which can be directly exposed to the Internet or located behind a firewall.
For each of the above environments, Microsoft proposes to assign a "critical", "moderate" or "low" rating to new vulnerabilities as they are found. The severity rating will depend mainly, Microsoft said, on the potential for damage - for example, denial of service (DoS), tampering with a web site, system compromise, disclosure of data, execution of arbitrary code, etc. - that could result from the successful exploitation of a particular vulnerability in a specific context.
For example, the Indexing Service vulnerability successfully exploited by Code Red and its subsequent variants might be assigned a "critical" rating for Internet-facing servers, a "critical" or "moderate" rating for servers behind a firewall, and a "low" rating for client-only systems (which, apart from a very few exceptions, rarely run IIS Web services).
At the same time, the spate of Internet Explorer vulnerabilities that the software giant patched nearly two weeks ago would probably receive a "low" to "moderate" severity rating for Internet- and intranet-based servers, but might be given a "critical" rating for client-only systems.
Microsoft said it will initially exclude information on severity by system environment from its announcements under the new security rating system, but said that it would like to include such information in security bulletins sometime in the future. The recent IE flaws provide an example of why this information is very important: Windows NT 4.0 Terminal Services Edition or Windows 2000 Server / Advanced Server systems that support multiple client sessions using Microsoft's integrated Terminal Services components are also affected by the vulnerability.
According to Russ Cooper, editor-in-chief of the Windows NT BugTraq mailing list, Microsoft's new security bulletin rating system marks a change of course for the software giant.
"There has been talk that Microsoft had no choice but to recommend that BO be applied to every computer, afraid that the responsibility will fall on their heads if they said, 'This one is not really that important,'" Cooper said. "Jerry Yang said that they did so, and said: 'We will take that risk. We are not always going to be right, and it must be decided by you, but we will tell you.'"
In the aftermath of the Code Red and Nimda worms, industry observers have urged organizations to reconsider the roles in which they have deployed IIS. Writing in an advisory notice, a Gartner Group analyst went so far as to advise Gartner's customers to consider dumping it altogether.
"Gartner recommends that companies hit by both Code Red and Nimda immediately investigate alternatives, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache," he wrote.
Anticipating a strong flow of defections from Windows NT 4.0 / Windows 2000 and IIS, Microsoft has in the past two months shown that it is becoming more serious about security on its Windows NT 4.0 and Windows 2000 platforms. The software giant introduced two tools for checking security patches in early August, launched an IIS "lockdown" tool in late August 2000, and unveiled its security bulletin rating system last week.
Microsoft's own efforts notwithstanding, NT BugTraq's Cooper said that many Windows administrators simply do not have the necessary knowledge and experience to fully protect and harden their Windows NT 4.0 and Windows 2000 systems.
"If you look at NT or 2000, the average administrator is moving up from desktop support, so they do not have a lot of experience and knowledge," he says.