X

Microsoft tightens software security

The company releases a new patch for its Web server software and says it plans two new tools for customers to assess the security level of their software.

David Becker Staff Writer, CNET News.com
David Becker
covers games and gadgets.
See full bio
David Becker
2 min read
In an effort to address growing concerns over bugs and viruses that target its software, Microsoft on Thursday released a new patch for its Web server software and said it plans two new tools for customers to assess the security level of their Microsoft software.

The Microsoft Network Security Hotfix Checker, or Hfnetchk tool, made available on Wednesday, allows business users of the company's software to assess the status of security patches for the Windows NT 4.0 and Windows 2000 operating systems, as well as fixes for Internet Information Server 4.0 and 5.0 (IIS), SQL Server 7.0 and SQL Server 2000, and Internet Explorer 5.01 and later, according to Microsoft.

The tool scans and monitors the status of all machines on a network, checking for the presence or absence of security patches.

The company also announced a similar tool for home users, called the Microsoft Personal Security Advisor (MPSA) application. The tool, which Microsoft said will be available soon, lets users scan their Windows NT 4.0 and Windows 2000 operating systems and receive reports on their computers' security settings and how to improve them. The report outlines missing security patches, weak passwords, Internet Explorer and Outlook Express security settings, and Office protection settings.

MPSA was jointly developed by Shavlik Technologies, a provider of security tools and services, Microsoft said.

The tools are the latest efforts in a campaign by the Redmond, Wash.-based software company to protect customers' systems from the Code Red worm, which takes advantage of a security hole in the company's Web server software running on Windows NT and Windows 2000 systems.

As variants of the Code Red worm have continued to attack systems across the globe, Microsoft has beencriticized for not making efforts to adequately protect its Internet servers and software from viruses.

Microsoft also has released a new patch for Internet Information Server (IIS), the Web server software exploited by Code Red. The new release rounds up a number of previously released patches into one file, including one that fixes the vulnerability exploited by the worm.

The cumulative patch also addresses several newly discovered vulnerabilities, including one that allowed Code Red to disrupt servers--even ones that employed the original IIS patch--that used "URL redirection"--a service that allows traffic to one Web address to be shifted to another.

The patch is for versions 4.0 and 5.0 of IIS running on Windows NT and Windows 2000. Details and download instructions are available from Microsoft.