Yesterday, Windows Server 2003 service pack 1 (SP1) was released to manufacturing and the 329Mb service pack is available for download from the Microsoft website.
Like Windows XP service pack 2 (SP2), released last August, SP1 is primarily a security patch, providing new functionality to address known security vulnerabilities and to prepare for future security threats with new technologies including:
- Security configuration wizard. Customers can more easily reduce attack surface area with the new Security Configuration Wizard. The tool reduces the attack surface by gathering information about specific server roles, then automatically blocking all services and ports not needed to perform those roles.
- Windows firewall. Originally released with Windows XP SP2, Windows Firewall is now available for the Windows Server System platform and serves as a host (software) firewall around each client and server computer, which may be controlled locally or via group policy.
- Post-setup security updates (PSSU). As systems are vulnerable during the time between their installation and application of the latest security updates, SP1 blocks all inbound connections to the server after installation until Windows Update has delivered the latest security updates to the new computer.
Other SP1 features that offer a more robust security defence include Internet Information Services (IIS) 6.0 metabase auditing, which allows administrators to identify potential malicious users should the store become corrupted, stronger defaults and privilege reduction on services to establish a minimum security threshold for applications, and the addition of network access quarantine control components.
According to Microsoft:
“Install Microsoft Windows Server 2003 Service Pack 1 (SP1) to help secure your server and to better defend against hackers. Windows Server 2003 SP1 enhances security infrastructure by providing new security tools such as Security Configuration Wizard, which helps secure your server for role-based operations, improves defense-in-depth with Data Execution Protection, and provides a safe and secure first-boot scenario with Post-setup Security Update Wizard. Windows Server 2003 SP1 assists IT professionals in securing their server infrastructure and provides enhanced manageability and control for Windows Server 2003 users.”
For more information about SP1, see the Microsoft Windows Server 2003 TechCenter and, for those who are unconvinced as to why this service pack is necessary, Microsoft has published a top 10 reasons to install Windows Server 2003 SP1.