So the U.S. government isn't Chicken Little after all. The sky hasn't exactly fallen, although it's a lot more foreboding for some IT administrators caught in the downpour known as Lovsan.
A short time after a Polish research group uncovered a serious flaw in the Remote Call Procedure (RPC) protocol in Windows, the FBI and other federal authorities told businesses and consumers to brace for the worst: a worm could exploit this flaw by sniffing out unprotected computers.
An American public weary of terrorist-threat levels, virus warnings and patch recommendations may have simply tuned out the FBI and Microsoft, which labeled the vulnerability "critical" and issued a patch July 16.
SearchWin2000.com readers apparently got the message loud and clear. In a new reader poll, an overwhelming majority of respondents said they've applied the patch and have experienced no adverse effects.
Security experts are hedging their bets on how pervasive Lovsan -- or MSBlast, as some call it -- will be. Although most experts agree that the worm is fairly unsophisticated, system administrators who fail to patch this one are playing with fire.
Microsoft should get some credit for acting quickly to issue a patch and sound the alarm, if only they would stop shooting themselves in the foot. At the same time Lovsan was ravaging desktops across the globe, Microsoft security strategist Scott Charney was Down Under telling a TechEd audience in Brisbane, Australia, that third-party code is the cause of half of Windows system crashes. Well, whose bad code caused this mess?
Alas, in IT, as in life, timing is everything.
Lovsan wasn't the only news to cause a stir this week. With Microsoft mum on the details of Office 2003, it fell to industry insiders and resellers to leak the details about the newest version of Microsoft's suite of desktop applications. Sources told SearchWin2000.com's Margie Semilof that the release-to-manufacture date for Office 2003 is imminent, with the final ship date coming sometime in October.
That jibes with what popped out from two online retailers late this week. First up was the British arm of Amazon.com, which posted prices and an Oct. 24 release date. Shortly after, U.S.-based e-tailer PriceGrabber.com followed suit with a price list of its own.
The prices listed in the U.K. are a wee bit higher than those given for U.S. customers, although it's difficult to know whether these dates and prices are truly accurate, since Microsoft is sticking to its self-imposed silence on the matter.
Microsoft had a little more to say -- just a little -- about two new exams being planned for Windows professionals. A couple of weeks ago, two new course titles appeared on a Microsoft-related training Web site. Just as quickly, they disappeared from view.
As it turns out, Remond was trying to generate some buzz over courses that aren't quite ready for release yet. David Lowe, a product manager in the training and certification group, said the two exams are 70-284, "Implementing and Managing Microsoft Exchange Server 2003," and 70-299, "Implementing and Administering Security in a Windows 2003 Network."
Lowe told SearchWin2000.com that Microsoft wants to give IT professionals a heads up on what's coming. They shouldn't hold their breath, though. The course objectives won't be ready for a few more months.
FOR MORE INFORMATION:
Dig Deeper on Windows Server troubleshooting
Editor's note: Who's the real villain when it comes to security vulnerabilities in Windows? Not Microsoft, argues SearchWin2000.com editorial advisory board member Larry Duncan. In a scathing rebuttal to news editor John Hogan's recent commentary, "Microsoft smears lipstick on a pig," Duncan points his finger at whom he sees as the true enemy of corporate IT and defends Redmond's new plans for enterprise patch management as a giant step in the right direction.