Microsoft rolls up Windows 2000 security fixes

Trying to make good on its company-wide effort to increase the security of its software, Microsoft Corp. Wednesday shipped a package of its latest security fixes for users of its Windows 2000 desktop and server operating systems.

Called the Security Rollup Package, the bundle of fixes is the first of more to come from the Redmond, Washington software maker as part of a new strategy it has adopted to improve the security of its products and thus protect its users. Until now, the company has typically released software fixes in what are called service packs. In May of last year, Microsoft released the second service pack for Windows 2000, which included roughly 500 bug fixes for the desktop and server software.

The decision to offer interim security-focused packs between service packs is a result of a recent push from the company's top executives to improve its often tarnished security track record. A memo penned by Bill Gates, Microsoft's chairman and chief software architect, that was leaked to the press earlier this month detailed the company's new focus on what Gates called "trustworthy computing." The effort has officially been dubbed the Strategic Technology Protection Program.

"Microsoft is going to be doing more of this since they raised the bar on security," said Rob Enderle, research fellow with Giga Information Group Inc. in San Jose. "Everything they do in security from now on will have to do somehow with the new strategy."

The rollup package includes more than 40 security fixes for Windows 2000 systems that were discovered after Microsoft shipped its second service pack for the operating system in May 2001.

Some of the fixes in the rollup package have not yet been released publically, but the majority have been previously made available via Microsoft security bulletins, the company said.

Some fixes are designed to seal holes that left the software open to denial of service attacks, while others are intended to plug holes that could allow a hacker to access and manipulate data in a system.

The new security rollup package is only available to users of Windows 2000 Professional, Server and Advanced Server editions who have already installed the Windows 2000 Service Pack 2. The packaging of the fixes allows a user to install all the recommended updates with one download and a single reboot, Microsoft said.

The security pack is available online at http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp.