You had to see this one coming.
After a close call with a "moderate" security vulnerability last week, a perfect storm had hit Windows Server 2003 by the middle of this week. Microsoft issued a patch for a vulnerability it rated as "critical" after a Poland-based research group uncovered a flaw in Windows' implementation of Remote Procedure Call (RPC) that could be exploited quite easily by a network worm.
The RPC flaw, which can be found in most Windows environments, earns the dubious distinction of being Windows Server 2003's first "critical" vulnerability. The Poles who came across it, who go by the psychedelically inspired name of Last Stage of Delirium (LSD), were so uptight about its potential to do harm in the wrong hands that they refused to release exploit code that would allow users to protect themselves.
An e-mail from the group to SearchSecurity.com ominously stated, "We believe that no remote vulnerability in history affected so many systems in practice." Hyperbole? Probably. But why take the chance? Go to the Microsoft site and get the patch. Another fix is to block the TCP port that RPC uses. That's port 135.
Also this week, fallout continued from an open-source salvo that was fired at Microsoft's Exchange and IBM's Lotus Domino by a group calling itself OpenGroupware.org. The organization wants to bring open messaging and collaboration software to the world. Thanks to Germany's Skyrix Software, that may be possible. Skyrix
I realize that Massachusetts prides itself on its independent streak -- after all, it was the only state to go for George McGovern in 1972 -- but enough already. Several publications, as well as The Associated Press, reported this week on Massachusetts Attorney General Tom Reilly's increasingly lonely stand against Microsoft. The Bay State is the only state from the original antitrust lawsuit that has not reached a settlement with Redmond. And it certainly doesn't look like that stand is going to change anytime soon. Reilly not only says that Microsoft got off easy on charges that it created a desktop software monopoly, he argues that Gates et al. are still doing the sorts of things that got them in trouble in the first place. There's no truth to the rumor that Reilly will be challenged in the next election by Don Quixote.
On the systems admin front, Margie Semilof broke a story this week that smacks of cloak and dagger with an IT twist. InstallShield filed a civil complaint in U.S. District Court in Chicago that rival management software maker Wise Technologies tapped into its FTP server and stole intellectual property. And how were the ill-gotten goods gotten? InstallShield accused Wise of "obtaining" the passwords of two InstallShield employees. The U.S. Attorney's office and the FBI are investigating the possibility of bringing criminal charges. Wise denies the allegations, and a legal officer told SearchWin2000.com that it is conducting an internal probe.
And at the tail end of this week, Microsoft Watch's Mary Jo Foley reported that "priority" testers have gotten their hands on the first beta release of the next iteration of the SQL Server database, which shall be known as Yukon until its expected debut in the second half of 2004. Beta testers who weren't part of the favored few to get their Yukon code now should see it by the beginning of August. Not much is known about the software other than what Microsoft discussed at TechEd: Improved reporting capabilities will be part of its beefed-up business intelligence tools. As Oracle tunes up for Oracle 10i and IBM continues to tweak DB2, the database wars should continue to be good IT theater.