No patch for Windows 2000 vuln
Microsoft has refused to patch a denial of service vulnerability in Windows 2000, claiming working up a fix is "infeasible".
While the bug allows remote code execution on several versions of Windows, including Vista and Server 2008, its impact on Windows 2000 is limited to causing a denial of service.
Let's hope it's not one of those Denial of Service bugs that turns out to be quite serious later.
It is interesting... any XP box with a listening service on a LAN is fair game for an easy DoS... but they do make a valid point about XP boxes having all ports off by default.
I guess the other mitigating factor is that XP is never used as a server OS.
If someone finds out this is more than a DoS then MS will be in a pretty serious pickle.
I still think it's more of a serious problem for Win2K users -- there are plenty of old SQL/IIS boxes out there running on Win2k. If they're Internet-facing systems then they should have a firewall in front of them that corrects the window size problem, but I'm thinking anything behind the firewall (company DB etc) will probably not have anything in front of it.
That'll make it easy for an insider to DoS vital company assets.
With support due to expire for Win2K next year anyway I guess it's not the end of the world... probably just a good reason to upgrade to 2k3/2k8.
P

The folklore is that there are still NT4 boxes out there, because they host applications that can't be ported. But that shouldn't be the case with Server 2000. If something works on Server 2000 then it should work on 2003. There shouldn't be a lot of excuses not to upgrade.
It's also said that VMWare got its first serious traction in the enterprise because NT4 doesn't run on most modern hardware, but you can VM it.
So instead of overhauling crappy old legacy apps it's possible to extend their life by whacking them on a VMWare box.
I wonder how much NT4 is actually still out there...
Whilst I doubt that there is a lot of NT4 left running critical systems, I can name a number of ASX200 listed companies running core business platforms on NT4 that have now been virtualised.
Virtualisation helped to extend the life of these systems even further which has meant they have stuck around.
I'd be more concerned about the W2K servers though, they are definitely common and normally running apps like SQL.
Plenty of NT4 in the SCADA arena still. Some of that's pretty critical ;)
It appears Windows XP has been added to the list of systems not to be patched for this.
http://www.computerworld.com/s/article/9138007/Microsoft_No_TCP_IP_patch...