Download: Server Core Potential Security Benefit

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core.

Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present in a default installation.

In this very short report (download the full report), I perform a brief analysis how much smaller the software footprint is for Windows Server 2008 Server Core and examine a theoretical Server Core version of Windows Server 2003 over the past two years to gauge how much Server Core might convey in terms of reducing security updates.

chart

As shown in the chart, looking at the Windows Server Security Bulletins over the past two years, 40% of them would not have applied to a theoretical Server Core build. The results of the analysis are encouraging in terms of security progress.  Check back in a few weeks and I’ll publish my 90 day vulnerability study for Windows Server and we’ll look at how this potential is being fulfilled…

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »