Windows Server 2003 SP1 Now Available

by Alex Woodie

The day is finally here: Windows Server 2003 users have their big security update, just like users of Windows XP received last summer. Last week, Microsoft announced it released the security-oriented Windows Server 2003 Service Pack 1 (SP1) to manufacturing, which means it is available for download from Microsoft's Web site. As if that wasn't enough, the boys from Redmond also released to manufacturing two new versions of Windows designed to run on the extended 64-bit chips from Intel and AMD.

Organizations using any of the various Windows Server 2003 editions--including Standard, Enterprise, Small Business Server, Datacenter, and Web editions--would be wise to download and start testing SP1 for compatibility with existing systems as soon as possible. The new security features delivered with this update, which include a Security Configuration Wizard, support for hardware-based Data Execution Protection, and a Post-setup Security Update Wizard, should make servers more secure and provide better protection against hackers, Microsoft says.

"This service pack is very significant and should help address certain classes of exploits," said Bob Muglia, senior vice president of the Windows server division at Microsoft. "I encourage all of our Windows Server 2003 customers to deploy Service Pack 1."

The security-related enhancements Microsoft is delivering with Windows Server 2003 SP1 are based on the ones Microsoft delivered last summer with Windows XP SP2. One of the biggest enhancements Microsoft delivered with this release is the new Security Configuration Wizard, or SCW, which is used for configuring Windows Firewall (which was formerly called Internet Connection Firewall, and is now turned on by default) and for creating security templates to lock down the server based on how it's being used. The wizard asks the Windows Server 2003 SP1 administrator questions about the role the server plays, and then stops all services and blocks ports that aren't necessary to perform those roles.

The new Data Execution Prevention (DEP) feature in Windows Server 2003 SP1 supports the "no execute" capability in the latest X86 processors from AMD and Intel. This feature protects against some buffer overflow attacks and other types of malicious code by performing additional checks on memory.

The new Post-Setup Security Updates feature is designed to protect the server from being infected by malicious code between the time the server is first installed and the application of the most recent security updates from Windows Update. This is a very important feature in today's world, where unprotected Windows servers running un-updated releases of the operating system have shown to become infected with viruses, worms, and Trojan Horses in a matter of minutes after being connected to the network.

Several other new security capabilities have been delivered with Windows Server 2003 SP1, including: computerwide DCOM restrictions and the capability to disable incoming DCOM activation, launch, and calls; security features for Internet Explorer and Outlook Express; modifications to make the prompts for file downloads, e-mail attachments, shell process execution, and program installation "clearer and more consistent;" changes in the Remote Procedure Call (RPC) service to help make RPC interfaces secure by default; passwords used to log on to WebDAV servers for remote file access are no longer transmitted "in the clear;" more detailed control over the list of add-ons that can be loaded by Internet Explorer; and the addition of Network Access Quarantine Control components, RQS.exe and RQC.exe, to make deployment easier.

Microsoft says security is the top priority in its development labs these days. At the RSA Security conference in February, CTO and founder Bill Gates said more than one-third of the $6 billion that Microsoft spends on research and development each year is directly focused on security, while the rest often ties in to that core security work. "[Security] is the top priority for Microsoft, the top priority in terms of our R&D," he said.

To download Windows Server 2003 SP1 for all versions, go to www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4D81-8354-72593B1C1F43&displaylang=en.

In addition to Windows Server 2003 SP1, Microsoft also released to manufacturing Windows Server 2003 x64 Editions and Windows XP Professional x64 Edition. These versions of Windows support the so-called "extended 64-bit" processors that can simultaneously run 32-bit and 64-bit applications. AMD and Intel started delivering these processors last year. Microsoft says the x64 versions of Windows will be available through various business partners in late April.