Microsoft Says Parts of Source Code Leaked

Found on Washington Post on Thursday, 12 February 2004

Microsoft Corp. last night confirmed that portions of the source code for two versions of its Windows operating system have leaked onto the Internet, a security breach that could give hackers important intelligence about how to exploit flaws in software run by many of the world's computers.

A leak of any portion "could dramatically increase the probability that new zero-day vulnerabilities will be found," said Alan Paller, director of research at the SANS Institute, a security training group based in Bethesda.

Thor Larholm, senior security researcher at Newport Beach, Calif.-based PivX Solutions, said the Windows source code file being traded on the Internet appears to be roughly 660 megabytes in size, about one CD-ROM's worth of data. That is far short of the estimated 40 gigabytes of data that make up the entire Windows code.

Now it is official. Since it is not the complete source, MS won't have to fear a flood of new Windows OS's; perhaps even the amount of exploits won't increase much, because it is only about 1.6% of the source. It gets a lot of attention simply because it is MS code; but I doubt the effects will be devastating.

Browse all articles« Previous « » Next »