IE fixes, Mydoom 'cleaning' tool to be delivered

In an online briefing, Microsoft security executives discussed fixes for the software maker's Web browser and the latest variant of the Mydoom worm and offered updates on several security-focused products.

Microsoft security executives on Wednesday provided new information about tools to battle recent software vulnerabilities and offered a status report on security technologies that are being developed.

During a monthly online security briefing, Mike Nash, corporate vice president of Microsoft's security business unit, said customers can expect an updated patch to plug the Download.Ject vulnerability sometime next week, as well as an updated "cleaner" tool this week for the Mydoom-O worm. This variant of the widespread Mydoom worm was discovered earlier in the week.

Responding to a question on the overall security of Microsoft's Internet Explorer browser, Dean Hachamovich, a product

Bringing XP SP2 features to Windows 2000 would require the same level of testing as with XP, and it is unclear how many organizations would be willing to do that.


Dean Hachamovich,

IE product manager

,
unit manager for Internet Explorer, said that Microsoft was "committed to keeping IE secure" and that Microsoft has "large teams [of people] working on the browsers."

Customers should be confident as long as they are running the latest version of Microsoft's Web browser with all the updates, he said. Hachamovich said that when Windows XP Service Pack 2 is released, users will be protected from attacks such as Scob, or Download.Ject, which targeted IE earlier this month. That vulnerability was a cross-domain vulnerability, and as such, could not run code, he said.

XP SP2 download notification

On the release of XP SP2 in August, Nash said customers can expect notification that it will be coming just before it is ready to download. It will be available shortly after the release of Windows Update V 5.0, the online hosted service that provides automatic updates to customers.

Customers also received news on some of the company's software-updating technologies. For those who download XP SP2, one big improvement will be the ability to download only the security fix that they need.

Microsoft is evaluating the feasibility of bringing some of the improvements in XP SP2 to Windows 2000, but Hachamovich said, "Bringing XP SP2 features to Windows 2000 would require the same level of testing as with XP, and it is unclear how many organizations would be willing to do that."

"The most critical thing users can do on Windows 2000 is run IE 6.0 with all the critical updates," he added.

Installer consolidation nears completion

Microsoft's efforts

For more information

See details of the latest schedule for Windows Server 2003 SP1

 

Read more about the Internet Explorer exploit

to reduce the number of installers from eight to two will be completed by the end of the year, Nash said. Both installers will have the same interface. Microsoft is also working to standardize the naming of patches.

Required reboots have already been reduced by 10%, and further improvements are expected. Microsoft is working on a hot patching system that can deliver patches while a system is running. This will arrive with the delivery of Windows Server 2003 Service Pack 1, which has been pushed back to the first half of 2005. The company is also developing smart installer technology that can detect whether files will be impacted by an update, Nash said.

The next release of Windows, code named Longhorn, will also bring some new reboot technologies, although he didn't elaborate.

Nash also reminded customers that the general beta test for Windows Update Services will begin later this year. WUS, the next generation of the Software Update Services utility, is due out in the first half of 2005. Another security-focused product, the enterprise edition of the ISA Server 2004 firewall, will be available at the end of the year.

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close