WinInfo Daily UPDATE, February 18, 2004

This Issue Sponsored By

Windows & .NET Magazine

Sponsor: Windows & .NET Magazine

Get 2 Sample Issues of Windows & .NET Magazine!
Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange Server, and more. Our expert authors deliver content you simply can't find anywhere else. Try two, no-risk sample issues today, and find out why 100,000 IT professionals read Windows & .NET Magazine each month!


In the News
- Source-Code Leak Prompts Vulnerabilities, Warning from Microsoft
- Intel Follows AMD into 64-Bit Territory

==== In the News ====
by Paul Thurrott, [email protected]

Source-Code Leak Prompts Vulnerabilities, Warning from Microsoft
Hackers and security researchers who downloaded the Windows 2000 source code over the weekend have already found a security vulnerability to exploit, although the vulnerability affects only the out-of-date Microsoft Internet Explorer (IE) version that shipped with the original Win2K. The vulnerability, which affects IE 5.01, lets attackers compromise users' PCs when they access a malicious Web site. On one hand, Microsoft says that not only does the vulnerability affect only a single, older version of IE, but the company found and fixed the vulnerability during its Trustworthy Computing code review 2 years ago. On the other hand, about 10 percent of Web browser users--more people than use Mozilla, Netscape, Opera, and Apple Computer's Safari combined--still use IE 5.01.
"\[The vulnerability\] doesn't affect IE 6," Mike Reavey, a Microsoft security program manager, said. "It does look like it was one of the things that was found during the code review." Microsoft is cautioning users to upgrade to the most recent IE version--IE 6 with Service Pack 1 (SP1)--to ensure the safest possible Web experience. But the near-instantaneous release of a vulnerability based on the Windows source-code leak makes me wonder how many other vulnerabilities will be found in the coming days. And, unlike the IE vulnerability, some of those vulnerabilities might also affect the most current versions of Windows, including Windows Server 2003 and Windows XP, which are based on Win2K. "We take this seriously," a Microsoft spokesperson said Friday. "It's illegal for third parties to post or make our source code available. From that standpoint we've taken appropriate legal action to protect our intellectual property."
Microsoft has also taken the interesting step of warning users to keep their hands off the stolen source code. On Monday, the company issued legal warnings to people who had downloaded or distributed the code. "The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyright and trade secret laws," the warning said. "If you have downloaded and are making the source code available for downloading by others, you are violating Microsoft's rights, and could be subject to severe civil and criminal penalties." Microsoft then demanded that downloaders destroy their copies of the source code and tell Microsoft where they got it.

Intel Follows AMD into 64-Bit Territory
Intel representatives confirmed what they described as the "worst-kept secret in \[the industry\]" when they announced plans yesterday to add 64-bit extensions to the Pentium 4 and Xeon microprocessors. The move will give the chips 64-bit capabilities and bring them up to par with rival chips from AMD, which pioneered desktop-based 64-bit computing last year. The revelation represents a new experience for Intel, which has historically led the microprocessor industry, both financially and technically. But Intel says that consumer demand exists for 64-bit technology, as evidenced by Microsoft's 64-bit versions of Windows Server 2003 and Windows XP, which take advantage of the chips' advanced features while providing full backward compatibility with the applications today's PC users take for granted. However, the announcement raises concerns that the 64-bit Pentium 4 and Xeon chips will supplant Intel's Itanium line, a "pure" 64-bit microprocessor family designed for high-end servers and scientific workstations.
"What this suggests to AMD is that Intel is now following our leadership," Ben Williams, director of AMD's Server and Workstation Business Segment, said. Williams is obviously skipping over an obvious truth: By simply entering this market, Intel will likely quickly dominate it and overshadow AMD's sales by a wide margin. To get to that point, Intel will roll out what it calls 64-bit extension--first to its Xeon line of server and workstation chips by mid-year, then to the next-generation Pentium 4, which will ship in the second half of 2004. That schedule is far more aggressive than analysts had predicted.
For the short term, 64-bit chips will likely see the most traction on servers, on which today's 32-bit 4GB memory limit can be confining in certain circumstances. But Intel will quickly move the technology up and down its product line. Initially, Xeon products will target dual-processor systems; later, Pentium 4-based chips will target single- and dual-processor workstations, and Xeon systems, due in early 2005, will target quad-processor servers. On the software side, Microsoft is already shipping beta versions of Windows 2003 and XP that work on the new Intel systems and expects to finalize those products by the end of the year. By late 2004, various Linux distributors will also ship 64-bit variants of Linux for the new Intel systems.

==== Announcement ====
(from Windows & .NET Magazine and its partners)

Download the Latest eBook--"Best Practices for Managing Linux and UNIX Servers"
This free eBook will educate systems managers about how to best approach the complex realm of Linux and UNIX management and performance monitoring. You'll learn core issues such as configuration management, accounting, and monitoring performance with an eye toward creating a long-term strategy for sustainable growth.

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New Web Seminar--Realizing the Return on Active Directory Join Mark Minasi and Indy Chakrabarti for a free Web seminar and discover how to maximize the return on your Active Directory investments and cut the cost of security exposures with secure task delegation, centralized auditing, and Group Policy management. Register now and receive NetIQ's free "Securing Access to Active Directory--A Layered Security Approach" white paper.

==== Sponsored Link ====

Free Trial--Fast and Easy Network Management--NetSupport DNA;7276793;8214395;y?


==== CONTACT US ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account
You are subscribed as #EmailAddr#.

You received this email message because you requested to receive additional information about products and services from the Windows & .NET Magazine Network. To unsubscribe, send an email message to mailto:[email protected] Thank you!

View the Windows & .NET Magazine Privacy policy at

Windows & .NET Magazine a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.