A Win Server Update and a Flawed Win Patch: Microsoft

The good news: Microsoft has released a Windows Server update. The bad news: a January security patch for Windows 98 and Windows ME is flawed.

The Windows Server update is described as the first major update to Microsoft’s Server 2003 operating system. It was released for download on March 30, and Microsoft said it would begin showing up “soon” on new servers. It is considered the basis for the variations of Server 2003 and Windows XP that support 64-bit chips, which go on sale in April.

The benefits are said to include new security enhancements similar to those in Windows XP’s Service Pack 2 from last year, including built-in firewalls and a security configuration wizard that businesses can use to automate their machine lockdowns.

“That alone can save thousands and thousands of hours,” Microsoft senior director of Windows Server marketing Jeff Price told reporters. “It’s really going to make [customers’] lives dramatically easier from a security perspective. This is really the most comprehensive set of security enhancements we’ve delivered in a Windows Server service pack.”

The release to manufacturing of Service Pack 1 is also a milestone for Microsoft because it is the basis for variations of Windows Server 2003 and Windows XP that support 64-bit chips from Intel and AMD. Those operating systems will go on sale next month.

The bad news was that the flawed Windows 98/Windows ME security patch could cause performance trouble for customers who downloaded the patch when it was released in January, according to a discussion last weekend on the company’s TechNet site.

The patch was intended to resolve a flaw tied to cursor and icon formatting but doesn’t protect users of those two systems adequately, Microsoft has acknowledged. But the company isn’t telling people to uninstall the patch because that would leave them even more vulnerable.

"At this point, we have been able to confirm these reports and are currently working on a resolution," said Microsoft Security Response Center spokesman Jerry Bryant in a posting in the above-mentioned TechNet discussion. "Please note that by uninstalling the current update, the machine will return to a vulnerable state." He said Microsoft hasn’t heard of any system attacks that could be traced back to the flaw.