January 'Patch Tuesday' to be very light on security

January 7th, 2010 at 7:21 PM  2 Comments

This patch Tuesday will be one of the lightest ones for security in recent memory. According to the Security Bulletin Advance Notification for this month, Microsoft will only be releasing one patch for Windows, and none for Internet Explorer or Office. The patch will be issued on Tuesday, January 12, and will be followed on January 13 by a 90 minute webcast at 11:00 AM Pacific. In addition to the one patch for Windows, Microsoft will also release an updated version of the Malicious Software Removal Tool.

The patch is considered critical for Windows 2000 users, and low for all other versions, and relates to a remote code execution venerability. Effected operating system versions include every currently supported edition both on the client and server side:

  • Windows 2000 Service Pack 4 [Critical]
  • Windows XP Service Pack 2 & Service Pack 3
  • Windows XP x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2 (32-bit, 64-bit & Itanium)
  • Windows Vista Service Pack 1 & Service Pack 2 (32-bit & 64-bit)
  • Windows Server 2008 Service Pack 2 (32-bit, 64-bit & Itanium – except Server Core installs)
  • Windows 7 (32-bit & 64-bit)
  • Windows Server 2008 R2 (64-bit & Itanium – except Server Core installs)

Microsoft will still be releasing one or more non-security but high-priority update through Windows Update and Windows Server Update Services, but has not yet disclosed details.

Microsoft to drop support for Windows 2000 next July

September 17th, 2009 at 11:01 PM  1 Comment

Windows_2000_logoWindows administrators, mark your calendar for the drop dead date to get those old servers upgraded. Microsoft has outlined July 13, 2010 as the date Windows 2000 will no longer be supported by Microsoft. There are already a variety of security threats in the wild where Microsoft has said they will not be releasing updates to protect Windows 2000 because they say it is not feasible. After next July, no support or new updates (except for online self-help) will be available.

These changes were posted by Crissy House, the Windows Server operations manager, on their team’s blog.

House also announced that there would be no more service packs for Windows 2003 or Windows 2003 R2. Both 2003 releases will move to extended-support on July 13, 2010, which means only security updates will be published for these operating systems. Non-security hotfixes developed during this phase will be provided only to customers who enroll in Extended Hotfix Support (EHS).

Microsoft released Windows Server 2000 in February 2000, Windows Server 2003 was released in April 2003 and Windows Server 2003 R2 was released in February 2006. In February 2008, Microsoft released Windows Server 2008 which was developed along side Windows Vista, but will quickly supplant it with Windows Server 2008 R2 which was developed along side Windows 7 and will be released along side the client OS on October 22, 2009.

Windows Server 2008 R2 will only be avaliable in x86-64 and Itanium editions, so administrators needing to run 32-bit implementations of  2008 will need to use the original 2008 release.