September 12th, 2009, 09:45 PM
WIN2000 Not Patched
It seems that the recent TCP/IP fixes for Windows did not extend to Windows 2000 Server.
Earlier today, Microsoft delivered five critical updates that patched eight vulnerabilities in Windows, including one that the company won't bother fixing in Windows 2000 Server SP4. The operating system's support doesn't end until July 2010; until then, Microsoft was supposed to provide updates.
September 13th, 2009, 03:45 AM
So you don't have the Windows 2000 Server on an Internet-facing adapter (at least not as your first server in line) and you have your router or gateway block ports 139 and 445 from the Internet.
Then, you only have to worry about intranet-related threats. Although with the ports blocked on the gateway, you shouldn't have an issue with that (unless there's malware created which uses a click to install from a website).
Have a great day
September 13th, 2009, 09:59 AM
Well, unless it is some old ex-corporate server that someone has "inherited" there shouldn't be much of a problem.
I would imagine that any Win2000 servers that are still around will be there to support legacy applications and probably won't connect to the internet anyway?
September 13th, 2009, 08:41 PM
The number of "in production" W2K servers would probably astound most people. I actually think this is a big issue and one that I find slightly concerning. As for blocking 139/445, since this is in the TCP Stack, that alone won't do very much for you.
What worries me even more is that on initial release of the advisory Windows XP was listed as not being affected in its "default configuration"; it wasn't until a couple of days later that Microsoft finally admitted that XP was affected, and that they weren't releasing a patch for it either.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
September 13th, 2009, 10:51 PM
HT has, as they say, hit this on the head:
Maybe they don't use Windows 2000 in some places the other members here visit, but even a typical college is still using this stuff (The ones who actually run Windows on Servers to begin with anyway) and a lot of Hospitals here use it too because they didn't like 2003, or 2008.
XP being affected is huge because I know ONE person who actually used it and kept it the whole time on their machine. The rest either use XP (A lot) or, some switched over to something else.
XP has incredibly heavy use still today because XP, and 2000, are not only cheaper (XP Professional here, when brand new had a price tag of 300 dollars, Vista, depending on what you're going for, was in some places a LOT more than this) and a lot of people I know who use Windows hated Vista enough that they were willing to drop it and NOT get new stuff as opposed to using it and have not only drivers, but support.
It doesn't shock me that 2000 Server and XP aren't being patched. How better a way to be sure that users will find out and be forced to "upgrade" to either Vista or 7 when it becomes usable.
Microsoft has to know about the numbers of people still using 2000 Server, and probably just said "That's it, we'll say we'll fix big ones, but really this thing isn't getting fixed" and then they have the option to upgrade, or switch to something else. Either way, they're probably sick of Windows 2000 updates.
Also of interest is the fact that this bug was present almost a decade ago and they just figured it out. If it wasn't, 2000 wouldn't need a patch to begin with. Which was released in 1999 along with Windows ME which we all knew and loved much like we did Vista.