Windows 2000 - Security

Security

During the Windows 2000 period, the nature of attacks on Windows servers changed: more attacks came from remote sources via the Internet. This has led to an overwhelming number of malicious programs exploiting the IIS services – specifically a notorious buffer overflow tendency. A tendency that is not operating system version specific, but rather configuration specific: being dependent on the services that are enabled. Following this, a common complaint is that "by default, Windows 2000 installations contain numerous potential security problems. Many unneeded services are installed and enabled, and there is no active local security policy." In addition to insecure defaults, according to the SANS Institute, the most common flaws discovered are remotely exploitable buffer overflow vulnerabilities. Other criticized flaws include the use of vulnerable encryption techniques.

Code Red and Code Red II were famous (and much discussed) worms that exploited vulnerabilities of the Windows Indexing Service of Windows 2000's Internet Information Services (IIS). In August 2003, two major worms called Sobig and Blaster began to attack millions of Microsoft Windows computers, resulting in the largest downtime and clean-up cost to that date. The 2005 Zotob worm was blamed for security compromises on Windows 2000 machines at the U.S. Department of Homeland Security, the New York Times Company, ABC and CNN.