
Ah, but Microsoft flaws are a headline writer’s dream

Jun 09, 2003 | 2 mins
Enterprise Applications, Microsoft, Patch Management Software

* Reading into Microsoft's latest patch

Headlines sell newspapers. In general, editors write headlines. For example, the majority of the headlines for this newsletter are dreamed up [more like “crafted” – Ed] by my esteemed editor who, fortunately, goes for a whimsical, rather than a sensational, image. But far too many headlines are created with a view towards creating a sensation rather than a sense of spreading information. Just last week, the following headlines appeared in a number of technical – and nontechnical – publications:

*  “Microsoft issues first patch for Windows Server 2003”

*  “Microsoft releases first Server 2003 patch”

*  “Microsoft issues patch for Windows Server 2003”

*  “Security patch for Windows Server”

*  “Windows Server 2003 gets first security patch”

*  “Microsoft: First Windows Server 2003 Bug ‘Positive Progress’”

Read any of the stories, though, and you’ll find that it isn’t the Windows Server 2003 operating system that has a security vulnerability, but Internet Explorer (IE). That is, all versions of IE from 5.01 on, which includes the IE Version 6.0 that ships with Win2K3.

Now I don’t wish to minimize the enormity of the problem that’s being addressed – an unpatched browser could allow a malicious cracker to take over the computer. But, as Microsoft spokespeople reminded anyone who would listen: 1) IE is locked down by default on Win2K3 because 2) why would you want to use a browser on a server? By design and by default Windows Server 2003 is not vulnerable to this attack.

While it’s literally true that a patch for Windows Server 2003 was released and it was a patch to fix a security problem, a vulnerability in Windows XP, Windows 2000 and even Windows 98 is much more severe than any in Win2K3 – and the editors who create the headlines should be aware of that. Your job is hard enough without having your anxiety level raised by misleading headlines.

Read the security bulletin, get the patch and apply it to your systems. Do this as soon as you can, but remember to start with the client systems, the desktop units that your users actively employ to browse the Web – servers without a need to run IE can safely be left until last.

Fortunately, the editors I work with at Network World and Network World Fusion eschew the tabloid-like headlines that other trade press seems to embrace. I’m constantly thankful for that, and you should be too.