With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core.
Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present in a default installation.
In this very short report (download the full report), I perform a brief analysis how much smaller the software footprint is for Windows Server 2008 Server Core and examine a theoretical Server Core version of Windows Server 2003 over the past two years to gauge how much Server Core might convey in terms of reducing security updates.
As shown in the chart, looking at the Windows Server Security Bulletins over the past two years, 40% of them would not have applied to a theoretical Server Core build. The results of the analysis are encouraging in terms of security progress. Check back in a few weeks and I’ll publish my 90 day vulnerability study for Windows Server and we’ll look at how this potential is being fulfilled…