It's Official! Whistler Server Is Called Windows 2002
Forget about the code name Whistler. It's now Windows 2002 for the
server versions. MS has (pretty much as expected) settled on the
official name for its next generation of W2K. They announced it
just this Monday at a Los Angeles Gartner Group conference.
In general, this was an expected move. The tradition started really
with Windows 95 and went up from there. The only exception is the
name Windows XP which will be the new desktop for both the home and
the business replacement of W2K professional.
And as planned, WXP will ship second half this year, and I really
expect W2K2 not earlier than Q1 2002, despite announcements it
will arrive second half 2001. They need to do more work on Active
Directory so I'm relatively sure their current time table will slip.
Other MS-officials have already indicated this might be the case.
W2K2 is currently in its second beta test, and at least a third beta
is expected before it gets Released To Manufacturing (RTM).
Hole A Truck Can Drive Thru in W2K - You Gotta Fix This One
Microsoft last Tuesday issued a security bulletin and patch for its
W2K server to prevent hackers from taking control of Web sites running
W2K. This flaw was so big it pushed back the release of W2K Service
Microsoft spokesman Jim Desler stated "a serious vulnerability in the
ISAPI extension -- which was designed to enable Internet printing --
could be used by hackers to take over a site. MS strongly urges all
IIS 5.0 server administrators to install the patch immediately. They
are right. You need to fix this one for sure.
The flaw was discovered by software security company eEye Digital
Security of Aliso Viejo, Calif., and reported to Microsoft. They
came back with a fix in about 10 days which is relatively quick.
The latest development code of eEye's Retina was able to find a buffer
overflow within the .printer ISAPI filter which provides W2K with
support for the Internet Printing Protocol. IPP allows for the web
based control of various aspects of networked printers.
eEye provided Microsoft with a working example exploit that when ran
against a web server would, in a matter of a few seconds, bind a cmd.exe
command prompt to a port on a remote IIS 5.0 web server so that a remote
attacker could then execute commands with SYSTEM level access and therefore
have full control of the vulnerable machine.
Download the patch from here. (Sunbelt patched all its systems today).
Restoring NTFS between NT and W2K? Don't Lose Your Data!
More and more of you are now using W2K, looking at Microsoft's sales
figures. But coming from earlier versions of Windows, you need to be
careful. Especially with your backups. Why? Paul Helpern ran across
this little but very important bit of info that sits in the W2K
online manual and sent it to me. Here's the quote:
"You can use Backup to back up and restore data on either FAT or NTFS
volumes. However, if you have backed up data from an NTFS volume used
in Windows 2000 it is recommended that you restore the data to an NTFS
volume used in Windows 2000, or you could lose data as well as some file
and folder features. For example, permissions, encrypting file system
(EFS) settings, disk quota information, mounted drive information, and
Remote Storage information will be lost if you back up data from an
NTFS volume used in Windows 2000 and then restore it to a FAT volume
or an NTFS volume used in Windows NT 4.0."
There are more very useful things here, and it's searchable so will
save you a lot of time. Here's the link that will take you straight
to that MS-website.