Microsoft Investigates Windows Server Flaw

Submitted by Tudy 2004-12-01 | Windows | 27 Comments

Microsoft is investigating a security flaw in Windows server software that could allow an attacker to gain complete control over systems running the software, the company says.

About The Author

Eugenia Loli: Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

2004-12-01 10:51 pm
Flaw is in WINS server, which is off by default and not usually used on internet facing servers. I know how people don’t like to RTFA.

2004-12-01 11:22 pm
Let us stop counting. These news of windows flaws are boring now. We get one every week, maybe more. My question is: What is the point?

2004-12-01 11:59 pm
So the Microsoft-haters can notch their bedposts.

2004-12-02 12:15 am
>>Let us stop counting. These news of windows flaws are boring now. We get one every week, maybe more. My question is: What is the point?<<
One point: A lot of prospective clients of the software company I work for ask if they can run our software on their existing windows flavour server and have internet access and email, etc. Of course they can, but… we point out the problems with running their business critical software on a windows server, especially if that server is exposed to the internet. So these reports of flaws in MS software get added to our list of reasons it would be a good idea to migrate to something more robust, easier to maintain and secure, etc, etc. Our suggestion is RHL for a number of reasons in addition to the growing list of flaws in MS windows products.

2004-12-02 12:31 am
There isn’t much in the way of news coming out of MS except for an occasional comment by Ballmer on the state of the IT industry.

2004-12-02 12:47 am
ya so you microsofties can come up with silly excuses like security isn’t a MS problem, it’s user problem or user process or such kind of high sounding crap
For people like me who do work with Microsoft technology daily we have no problem admitting there is a security problem with MS. For years they never gave it a second thought. That’s bound to cause some long term effects on the products. I’d also say that yes security is a user problem and it’s a user process. It’s a user problem because most users don’t know about security so for them it’s a major problem. It is also a process because the only way a user can be secure on any platform is through education on the use of the platform. That applies to *nix or any OS.

2004-12-02 1:00 am
With the constant barrage of security problems and exploits that come with Microsoft products, when does the risk of losing sensitive data bring the TCO high enough to be comparable to migrating software (rewriting if necessary) to another, more secure product?

2004-12-02 1:25 am
ya so you microsofties can come up with silly excuses like security isn’t a MS problem, it’s user problem or user process or such kind of high sounding crap
Most of the time it is (something, I might add, that applies to all OSes).

2004-12-02 1:28 am
Most of the time it is (something, I might add, that applies to all OSes).
—–
like constant exploits in IE, broken by design security in outlook which auto executes scripts, macro viruses in words and so on? no way!

2004-12-02 1:53 am
Who in hell does not know that windows is full of flaws. Are there still people out there thinking if they should change. If you are a simple user like me, I use whatever. If it works for what I need, Linux or Windows. I do not have a need to use OpenBSD or anything like it. If your work is important (business, high security needed), then the answer is more than obvious. So again, What is the point?

2004-12-02 2:11 am
like constant exploits in IE, broken by design security in outlook which auto executes scripts, macro viruses in words and so on? no way!
Uh what version of outlook are you running? Outlook hasn’t auto run scripts in a good 3 years or longer. Sure you can turn it on if you want but it doesn’t just run anything you open. IE is a whole other can of worms. I won’t argue with you there. Word by default disables scripts in documents unless you specify otherwise.

2004-12-02 2:17 am
All operating systems have flaws. Granted, some flaws are more pronounced and exploitable than others. I think we should leave flaming to politics and let the systems “speak-for-themselves”.

2004-12-02 2:33 am
outlook – office 98. I am not prepared to shell out more cash to Ms. switched to openoffice now
“Word by default disables scripts in documents unless you specify otherwise.”
not this version

2004-12-02 2:49 am
like constant exploits in IE,
That’s one. Simple solution, too – don’t use IE.
broken by design security in outlook which auto executes scripts,
No, it doesn’t.
macro viruses in words and so on?
Only if the user executes them.

2004-12-02 2:55 am
outlook – office 98. I am not prepared to shell out more cash to Ms. switched to openoffice now
Office98? I think you mean 97 but whatever. So you are making statements about security on software that is going on 8 years old? I’m sure no one is going to argue with you there. It’s a bit misleading considering things have drastically changed since Office 97 was released.

2004-12-02 3:14 am
Not enabled on workstations and only can be exploited on local net and not from internet….

2004-12-02 3:20 am
A: No one uses WINS anymore. It has been almost completely replaced by DNS. B: Let’s not forget about how many critical security flaws there have been in BIND, which happens to be used by Linux and most other Unix-like operating systems.

2004-12-02 4:06 am
Why in the name of PASCAL do you people keep fighting over Windows.
Yes, if you have ever used a computer u know how bad it can be. Yes people will argue that it doesn’t happen anymore with XP. I get errors with XP and in Linux and in every mothertucker software I use (especially my own). Now. I don’t consider these news and nothing to create this argument. I have only 1 year and 1/2 using Linux. I like it. I have tried some distribution. Many annoying things, but I will not start cursing windows. My argument is going nowhere just like this argument about windows.

2004-12-02 5:02 am
‘B: Let’s not forget about how many critical security flaws there have been in BIND, which happens to be used by Linux and most other Unix-like operating systems.’
Yep and that’s why there are excellent alternatives for BIND available such as ldapdns, djbdns and powerdns. They’re all more or less on par with BIND regarding functionality. Same for Sendmail: Postfix and Qmail are excellent. I must say though that I agree, especially if the service is disabled by default and not used much anymore, it’s not a big problem.

2004-12-02 5:48 am
And why on earth would you have your WINS server directly connected to the internet in the first place? Maybe you should go ahead and hook your PDC up outside your firewall too… 😐

2004-12-02 6:11 am
Office98?
Yes there is one like that: It is Office 98 for Macintoshes and I consider it most secure MS application (since my G3 266 MHz Mac OS 8.5.1 does not connect to networks of any kind).

2004-12-02 6:37 am
windows has the largest group of users (that know it) and more development jobs go to windows server than unix/linux. Although, Unix is still more popular in the server world. This will keep closing security holes after security holes just like any other OS, linux included. Usually people make a big deal over an exploit in a service that runs on Windows and not one over a service that runs on UNIX… Perhaps if Microsoft released their code as shared source (letting people actually see it!) more exploits can be fixed.
I hate Windows Server but I love Windows XP. Man, do I hate Windows Server. I really do, I hope it dies.

2004-12-02 6:59 am
no comment

2004-12-02 7:17 am
Lesson to all you prospective programmers out there. Design Design Design! If your design your code will follow sucks, expect maintenance problems, security bugs, memory leaks and etc. Make it easy on all of us and really put some time into a proper design of how you will solve “the problem at hand” and not just hobble something together.

2004-12-02 10:49 am
but where’s the news? it ain’t nothing new that!

2004-12-02 4:01 pm
WINS/NETBIOS was an IBM invention. MS used it… If MS would stop the “backwards” compatibility problem there wouldn’t be so many security issues. Also, if you are a decent sysadmin your servers won’t be in any “default” mode… once you take away IE/OExpress and anything less than a locked down IIS5.0 your server vulnerability profile is way low. Who’s gonna run IE/OE on a server anyway?

2004-12-02 4:21 pm
I think you meant illegitimate, not illegal. Extra-marital sex hasn’t been illegal for a long time. Well, unless you live in Oklahoma or something.