Microsoft Code Leak Invokes Issues Beyond Security

by Jay Lyman
www.TechNewsWorld.com,
Part of the ECT News Network
February 17, 2004


While the leak was limited to incomplete portions of the Windows 2000 and NT source code, Gartner research vice president Richard Stiennon told TechNewsWorld that the code is more than enough to enable attackers to punch holes in other Windows systems. It's sad that [the source code] was released, and it's sad it was written so [badly] from a security standpoint, he said.

The recent disclosure of a security hole revealed through the leak of Microsoft (Nasdaq: MSFT) Windows 2000 and NT source code is raising several issues that the software giant will have to face as a result of the breach. Analysts are indicating the leak could have a profound effect not only on the security of Microsoft's software, but also on the company's worldwide reputation.
In addition to the source-code leak, an alert from SecurityTracker indicates a vulnerability and related exploit in Internet Explorer version 5 was discovered over the weekend. The vulnerability itself, which does not affect Internet Explorer 6, does not stand out as a significant new weakness because Internet Explorer has been pummeled in the last several months by several vulnerabilities, exploits and attacks.

However, the source-code leak and the new IE vulnerability, taken together, mark the beginning of what is expected to be a painful period for Microsoft.
Forrester research director Michael Rasmussen told TechNewsWorld that the limited source-code leaks, although incomplete and for earlier versions of Microsoft's operating systems, have implications for other OSs, including Windows XP . I would say that on other Microsoft OSs that yes, there is exposure, Rasmussen said, because there's legacy code. Microsoft doesn't write every OS from scratch.

Advantage Attackers...........................................................

More at ECommerceNetwork