News

Microsoft Products Get Security Certified

Microsoft recently took another small step in its Trustworthy Computing initiative by obtaining security certification for a number of updated products.

The offerings that gained Common Criteria certification:

  • Windows Server 2003, Standard Edition (32-bit version) with SP1
  • Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with SP1
  • Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with SP1
  • Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
  • Windows XP Professional with SP2
  • Windows XP Embedded with SP2

    Some earlier versions of those products had already attained CC certification, but without the service pack additions. The announcement hasn’t garnered much media attention, but it should boost Microsoft’s security reputation, which continues to suffer hits over vulnerabilities in Internet Explorer.

    That’s because CC certification is independent of Microsoft. CC is an international consortium of organizations that’s established a set of common security standards it applies to products, which are submitted by companies for testing. If the products meet those standards, it’s awarded the CC certification. The higher the certification level, the better it meets agreed-upon security guidelines. And all products, whether they be from Microsoft, Oracle, CA and so on, get tested the same way for the same level. The Microsoft products attained Evaluation Assurance Level (EAL) 4, the top level for operating systems.

    Microsoft compares favorably with other competing OS vendors. For example, Sun Solaris 9 achieved EAL 4; Mac OS X achieved EAL 3; Red Hat Enterprise Linux 3 achieved EAL 2; and SuSE Linux Enterprise Server Version 9, SP2 achieved EAL 3.

  • About the Author

    Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

    Featured

    • Microsoft Offers Support Extensions for Exchange 2016 and 2019

      Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

    • An image of planes flying around a globe

      2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

      Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

    • Notebook

      Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

      Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

    • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

      As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.