Menu
Microsoft Patch Tuesday says goodbye to Windows Server 2003

Microsoft Patch Tuesday says goodbye to Windows Server 2003

Microsoft scrambled to cover a vulnerability unearthed in last weekend's Hacking Team breach,

With this month's Patch Tuesday round of security fixes, Microsoft has ended its support for the Windows Server 2003 operating system.

"For anyone who still runs Windows 2003, I hope it is where no one can access it, and they are working on a project to replace those servers," said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

For July, Microsoft issued 14 bulletins, covering a total of 58 vulnerabilities.

The patches cover three critical holes in Microsoft Windows, in both the server and desktop editions, as well as one critical vulnerability in Internet Explorer, versions 7 through 11.

Administrators should apply these critical patches as quickly as possibly, because the vulnerabilities are already being used by attackers to gain entry into systems.

The remaining patches, deemed by Microsoft as important but not critical, address additional vulnerabilities in Microsoft Office and SQL Server, as well as additional vulnerabilities in Windows.

Overall, this is a fairly heavy month of patches, Kandek said.

Part of the reason for the relatively large number of patches may be the recent breach of Italian IT security firm Hacking Team. It exposed information about a number of critical vulnerabilities that the company had kept to itself, presumably for use in its Galileo remote machine surveillance software.

At least one of the bulletins this month, MS15-065, for Internet Explorer, contains a fix for the critical vulnerability unearthed in the Hacking Team attack.

As soon as possible, administrators should also tend to the critical patches Adobe has issued for its Flash software, which also came about due to the Hacking Team incident, Kandek said.

Nine of the 14 bulletins are applicable to Windows Server 2003, including the critical MS15-066, which could allow an attacker to gain control of a machine by tricking the user into visiting a maliciously crafted Web site.

After this month, Microsoft will not issue security patches for Windows Server 2003, as the company's timeline for supporting the OS has ended.

Continuing to run Windows Server 2003 will be dangerous in terms of security, especially for servers connected to the Internet, because new vulnerabilities will probably continue to be found and exploited by attackers, Kandek said.

In fact, Windows Server 2003 will become even more vulnerable than before, given that attackers can identify weak spots by analyzing patches for newer editions of the OS, which probably have at least some of the same code as Windows Server 2003.

Another unusual patch in this month's load is MS15-058, which fixes a number of vulnerabilities in SQL Server. This patch was originally scheduled for last month but was held at the last minute, presumably for additional testing.

Major security fixes to SQL Server are relatively infrequent, and this one is not of a critical nature, assuming that users adhered to best practices when they installed the database software, said Amol Sarwate, Qualys director of engineering.

In order to harness this vulnerability for illicit purposes, the user has to have the permissions to manipulate a database schema and alter its tables. Most organizations will just delegate a single administrator account to make changes to the database and not grant these permissions to all users.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesMicrosoftsecurityHacking Team

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments