Microsoft audits leaked code

Microsoft is conducting a security review of the Windows 2000 and NT 4.0 source code leaked onto the internet earlier this month...

Microsoft is conducting a security review of the Windows 2000 and NT 4.0 source code leaked onto the internet earlier this month to determine if there is any risk to its customers.

The code was checked before its commercial release, but Microsoft is taking another look at it with more modern review tools.

"Since the commercial release of the source code that was leaked, more sophisticated tools and processes have been developed, and there have been numerous improvements in the security review process," the company said. 

Analysts and security experts have warned that the Windows source code breach could lead to an increase in cyberattacks because it would make it easier for hackers to find holes in the operating systems. However, the leaked source code is old and many issues have already been fixed by patches and service packs.

Still, a bug hunter last week claimed to have uncovered a security flaw in Internet Explorer 5 by studying leaked source code. Microsoft said the problem is a known issue that it had discovered already and fixed in version 6.0. The company was investigating why the flaw was not patched in version 5, which is used by millions of internet users worldwide.

"To thoroughly determine whether or not our customers may be impacted by the unauthorised release of this source code, we are reviewing it again," Microsoft said. The company has not assigned a timeline to its review and has yet to decide how to respond to anything the review may uncover.

Windows 2000 was introduced in 2000 and Windows NT 4.0 was introduced in 1996.

Microsoft has not commented on how much of the Windows 2000 and NT 4.0 code was leaked, saying only that it is a portion of the code. It has started an internal investigation into the leak and has called in the FBI.

Last week, Microsoft warned Internet users not to download the code because it is legally protected intellectual property.

Joris Evers writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.