Become a Member My Atlas
Insights
Training
Advisory & Negotiation
Free Resources
About
Contact Us
Search
Become a Member

Updated: July 9, 2020 (November 30, 2009)

  Analyst Report Archived

Security Fixes Not Assured

My Atlas / Analyst Reports

1,143 wordsTime to read: 6 min
Michael Cherry by
Michael Cherry
Michael Cherry by
Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance. Michael... more

Important TCP/IP security vulnerabilities in Windows 2000 will not be fixed regardless of the fact that the OS remains in Extended support until 2010. Microsoft claims the only way to fix the problems is to make significant changes that would involve redesigning the TCP/IP features of the OS and might render applications incompatible with the updated OS. The incident illustrates that although OS versions nominally retain Microsoft support for 10 years, as time passes and OS architectures change dramatically, the likelihood decreases that Microsoft will fix even important problems.

Windows 2000 Excluded from Fixes

The truth about security updates came to light in a bulletin (MS09-048) released on Patch Tuesday in Sept. 2009. The update covers TCP/IP vulnerabilities that could allow remote code execution on Windows Vista and Windows Server 2008 and were therefore given an aggregate rating of critical for those OSs. The vulnerabilities are rated as only important on Windows 2000 because they could only lead to a denial of service attack, not code execution.

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now