MSNNAMENNL.COM
welcome to my space
X
Article search:  
NAVIGATION: Home >>

Microsoft Probing Windows Code Leak

Published by: mike 2008-07-04

By Susan Kuchinskas and Michael Singer

UPDATE: Microsoft confirmed late Thursday that portions of Windows 2000 and NT operating systems source code were illegally made available on the Internet.

The company said its illegal for third parties to post Microsoft source code, and we take such activity very seriously. We are currently investigating these postings and are working with the appropriate law-enforcement authorities.

Host Vulnerability Summary Report::
File Format: PDF/Adobe Acrobat - View as HTMLThe FTP daemon exhibits a descriptor leak in the getcwd() (get current working The Microsoft Windows NT CSRSS.EXE Client Server Runtime Subsystem
http://documents.iss.net/literature/InternetScanner/reports/Line_Mgmt_Host_Vulnerability_Summary_Report.pdfHOME
The company said at this point it does not appear that this is the result of any breach of Microsofts corporate network or internal security. At this time there is no known impact on customers. We will continue to monitor the situation.

SQL 2000 - Cliff Hobbs - FAQShop.com, The Windows Management User ::
Internet Explorer 6.0 929874 A memory leak occurs in Internet Explorer 6 when you view a Web page that uses JScript scripting on a Windows XP-based computer
http://wmug.co.uk/blogs/cliffs_blog/archive/tags/SQL+2000/default.aspxHOME
The confirmation came after rumor sites lit up Thursday over an item on NeoWin, a tip sheet site, which reported that Windows 2000 and Windows NT source code were leaked and available on the Internet. According to the NeoWin posting, two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT.

Microsoft said the company had not pinpointed the source of the leak.

IDC research director Al Gillen said too many questions remain unanswered at this point, such as which part of the code and what form it was in when compromised. That all has to be answered before you can even start to assess how serious it is for Microsoft, Gillen told internetnews.com. He pointed out that the entire application contains some 40 million lines of code. I dont think that someone is going to zip that up and send it around.

There could be plenty of suspects on the source of the leak. More than 50 universities participate in the Microsoft Shared Source Initiative (SSI), which makes parts of the operating system code available to select developers.

Microsofts SSI makes various portions of code available to academics and students in the hope that they might choose to work with it instead of or in addition to open source.

There are two real threats to Microsoft if substantial code has been leaked, according to Yankee Group senior analyst Laura Didio: even worse security for Microsoft applications and bootleg copies of the software being passed around.

Other implications, according to online security experts, are that attackers may be able to more easily craft vulnerabilities and other attacks against Windows 2000 and Windows NT operating systems.

John Watters, CEO and chairman of network security firm iDEFENSE, said as a result of the leak, vulnerabilities will surface at a much faster rate.

Companies need to actively monitor potential and emerging exploits and threats against their networks. Microsoft will undoubtedly implement a quicker patch release schedule, he said in a statement.

Ken Dunham, director of malicious code intelligence at the firm, said the integrity of the leaked files, outside of Microsoft, cannot be verified. Still, he said the incident has increased the threat level for anyone using Microsoft Windows 2000 and Windows NT.

Didio told internetnews.com that valid threats are on the increase because the people creating the attacks are more sophisticated -- and the technology is more available.

Even if the intercepted code were limited to the 100 million aggregate lines distributed as part of Microsofts Shared Source program, Didio pointed out that that might be enough to modify and launch future attacks.


Pre-Article:Technical Analysis: Just A Pullback So Far
Next-Article:Taking the Managers Certificate in IT Service Management

PRINT Add to favorites
  • 9/17: Sdbot.Fel Worm Spreads Via MSN Messenger
  • Game Over For Retail, Or Just CompUSA?
  • Yeast Infections Are Uncomfortable, Yet Common Problems
  • Benefiting from the IT Financial Management Process
  • use the code batch updated program which asp realizes, FSO to be related
  • Thomson Moves Watermarking into Consumer Devices
  • Women: 12 Secrets of Living
  • Microsoft To Appeal Latest Browser Ruling
  • Free Non Profit Debt Consolidation
  • Mind Your Packets with Ethereal

  • VoIP Can Give Your VPN a Voice
  • Experian Buys Comparison Engine PriceGrabber
  • MDX in Analysis Services: Optimizing MDX: More on Location, and the Importance of Arrangement
  • How to Appraise Your Current Home or Home You Are Going to Buy At True Market Value
  • Wi-Fi Planet 2007 Holiday Gift Guide
  • Why You Should Use A Virtual Assistant
  • Diversinet Extends Passport ONE Email Security to BlackBerry
  • What if you Get a Sony Psp as a Free Gift With Mobile Phone
  • The Awesome Marketing Power of Sequence, Repetition and Multiple Media
  		•
    Recent articles
     Homepage | Add to favorites | Contact us | Exchange links | LOGIN | Site map | 
    Copyright© 2008 msnnamennl.com        Site made:CFZ