Secure Windows Initiative Trial by Fire: IIS 5.0 Printer ISAPI Buffer Overflow

Published: 07 Jun, 2001
Created by: Corey Pincock

Is Microsoft demonstrating its commitment to security when its flagship Windows 2000 server can be exploited through such a common and dangerous vulnerability? Has the Secure Windows Initiative (SWI) been successful at encouraging a security mindset at Microsoft? Although part of the SWI is internal training and awareness, it is still unclear whether this will encourage and allow Microsoft developers to write secure code. Overall, however, Microsoft has done a pretty good job of providing administrators with the tools they need to initially secure their operating system, to maintain an appropriate level of security, and to stay aware of patches through tools like HFCheck. Unfortunately, many of these problems could be prevented if Microsoft took a more secure approach to programming and a more closed-box approach when shipping its server products. In the end, however, it must be the administrator's responsibility to make the box secure. An administrator who had followed Microsoft's recommendations and secured the system initially would not have been vulnerable to this exploit.