09.17.09
Gemini version available ♊︎Windows Server 2003 — Just Like Windows XP — Gets Neglected by Microsoft
Done so soon or gone too soon?
Summary: While Windows XP is not supported for security anymore, Windows Server 2003 development stops too
MICROSOFT has not only laid off many employees but it also lost many key developers [19], who were familiar with important code. That is one theory and possible explanation for the fact that XP is left vulnerable from now on; Microsoft has more or less given up on patching it.
“Those two releases, namely XP and Server 2003, come as a pair.”Servers are more sensitive than desktops to intrusion; their function makes them a more serious victim when compromised (affecting people whom they serve or served). It is therefore interesting to read about XP’s cousin, Windows Server 2003, never ever getting a third Service Pack like XP. This is surprising to some. Mary Jo Foley has some more details and implications for security may be tied to the fact that XP is left vulnerable. Those two releases, namely XP and Server 2003, come as a pair. Users/customers will be pressured to move to Vista or its sibling ‘edition’ for servers, which is terrible [1-16].
In other news, the Windows-only spyware from Sears is to be deleted along with the data it collected.
US retailer Sears has been ordered to destroy all the customer data it collected from a piece of online tracking software that consumer regulator the Federal Trade Commission (FTC) said was unfairly used.
The FTC said that while customers had been warned that, once downloaded, software would track their browsing, it had in fact tracked browsing on third party websites, secure browsing including banking and transactions and even some non-internet computer activity.
Does it run under Wine? Hopefully not. █
______
[1] Microsoft Investigating LocalSystem Access Bug
Users on a given system can elevate their access privileges to LocalSystem in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Sisk explained in an e-mail. It could cause havoc by giving an authenticated user inappropriate write, delete, and change privileges.
[2] Microsoft warns of web server flaw
The company has issued an advisory on the vulnerability, which affects Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows Server 2008.
[...]
“The web server is widely used on the internet, and is a top pick by web-hosting providers. We might see web-hosting providers targeted, and their clients’ websites breached.”
[3] Microsoft investigates new Windows zero-day flaw
Bill Sisk, security response communications manager for Microsoft, said in an email Thursday evening that the flaw allows for privilege escalation from authenticated user to LocalSystem in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
[4] Critical patches coming for Vista, Server 2008
This month’s Patch Tuesday fixes will include critical fixes for Microsoft’s flagship operating systems, the company has warned.
[5] Microsoft officially 425 years behind the times
It’s not just Excel and Exchange that ignore the Gregorian calendar. The Reg has also confirmed that SQL Server 2008, Windows Small Business Server, and Windows Mobile are ignorant as well.
[6] The meaning of Microsoft Server 2008
Server 2008 looks like a bit of an odd duck – it doesn’t meet the promises made for “Longhorn” and “Blackcombe”, it’s probably neither more reliable nor more efficient than its 64 bit 2003/XP based predecessors, and unlike Vista (with which it shares some code) the kernel changes amount to rather more than just another point release in the NT schedule.
[...]
And that, I think, reflects Microsoft’s other strategic concern: that MacOS X and Linux bracket Microsoft’s market and are both reaching out to the people in the middle – the managers and MCSE decision makers who now consider Apple too consumer oriented and Linux too technical.
[7] Hyper-V isn’t the only Windows Server 2008 virtualization solution that’s lagging
But it’s not just Microsoft’s own Hyper-V that isn’t quite ready for prime-time. Several other virtualization products from Microsoft’s competitors and partners aren’t 100-percent enterprise-ready, either, at this point.
[8] There’s no Windows Server 2008 SP1 in the works. Here’s why
Chalk that abnormality up to Microsoft’s ongoing attempt to more closely synchronize its Windows client and Windows server releases. Because Windows client and server are built from the same core and thus get patched with many of the same updates and fixes, Windows Server 2008 and Windows Vista SP1 are now “on par.”
[9] Hyper-V in Server 2008 RTM doesn’t like non-US locales
Annoying. Yes, it is mentioned in the release notes – but what if Hyper-V beta had required you to set a non-US locale at install time? Do you think Microsoft would have flagged this problem more prominently?
[10] Microsoft cuts Windows virtualization features
The company is changing three key features of the hypervisor technology to try to stick to its schedule of releasing the technology within 180 days of completing its Windows Server “Longhorn” operating system, due to be finalized before the end of the year.
[11] Microsoft web developers branded pants
The strokers of beards and Volish nay-sayers have been claiming that reason is Windows Server 2008. They claim this on the very safe assumption that since Microsoft installed it, vole.com has been running like a condemned man with his legs cut off on his way to his own execution.
I asked Jason about Windows Server’s newfound security: “The first time I heard about this new feature,” he said, “I thought it was clearly a response to Linux.
Windows Server 2008 isn’t quite there yet, according to Jason’s tests.
[13] Windows server URL sends you to Apple
TYPE IN windowsserver2008.com into your browser and after it thinks a bit, it takes you straight to the Apple site.
[14] What will run on Windows Server 2008 — and when
Are we in for a Windows-Vista-like experience, where even some of Microsoft’s own applications didn’t work with its new operating system for weeks, if not months?
[...]
A number of Microsoft server apps that won’t support Windows Server 2008 until the latter half of 2008, when service packs providing Server 2008 compatibility are released.
[15] Windows Server 2008 Delayed, Again
Already, Microsoft delayed SQL Server 2008 availability until later in 2008, even though the software launches with the new version of Windows Server.
[16] It’s Official: An Unofficial Delay
Microsoft isn’t characterizing the launch announcement as a ship delay, which is possible because of the “2008″ nomenclature and the likelihood that the software will be released to manufacturing this year. My guess is that will happen around November, unless there are unforeseen development problems.
[17] More than half of Microsoft Vista needs re-writing
Up to 60% of the code in the new consumer version of Microsoft new Vista operating system is set to be rewritten…
[18] Microsoft admits Vista screwed – report
Vista SP1 is code named “Fiji”, presumably after a pretty looking island which is paralysed by coups.
In a statement regarding the service pack Microsoft admits that Vista has “high impact” problems.
[19] MS Insider: The Office Crew Isn’t Smart Enough to Supplant Real Windows Developers
“With Alchin retiring, MarkL and MarkZ, two of the most talented architects in MS already having left, the picture gets really ugly for the Windows division,” my friend claimed, and the BV’s core team members, Ian McDonald, Jack Mayo, Todd Wanke, Clyde Rodriguez and others are starting to connect the dots.
[...]He concluded ominously. “A trainwreck of biblical proportions looms. Pick a good seat on the sidelines, trainwrecks this large take awhile to complete. Vista may be the last MS OS for some time to come, especially if Cutler decides to play hardball.”
ᶃ Gemini Space
This post is also available in 
Content is available under CC-BY-SA
Yuhong Bao said,
September 17, 2009 at 3:11 pm
BTW, for your information, here is a link to MS’s Support Lifecycle policies as it applies to all MS products, including Windows 2000 and later:
http://support.microsoft.com/lifecycle/
Roy Schestowitz Reply:
September 17th, 2009 at 3:18 pm
Some say Microsoft can be sued for false advertising (regarding the support duration of XP).