Operating System Updates
When Microsoft ships an operating system, it does its best to find and remove all security vulnerabilities. In a perfect world, that would mean that the operating system was perfect from a security standpoint. In our imperfect world, however, operating systems are large and complex. As we know, complexity is the enemy of security. This means that the complexity of these large operating systems provides plenty of opportunities for security vulnerabilities to crop up.
Security vulnerabilities are discovered every day both by vendors and by customers who purchased the products. Microsoft, like virtually all other hardware and software vendors, continuously refines its products based on the discovery of these vulnerabilities. When a particularly critical vulnerability is discovered, Microsoft quickly writes and releases a software patch to address the issue.
Tip
Microsoft almost never writes patches to address configuration issues. This may seem obvious, but many administrators believe that any improper configuration is a bug. The extensive documentation available for Microsoft products, including this book, help you determine the proper configuration to implement. If you implement it incorrectly or without a proper plan in place, you may create your own security vulnerability. Because this isn’t improper behavior of the software, Microsoft doesn’t patch it.
The quicker you apply a patch to your systems, the quicker you become resistant to attacks that exploit ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.