Just when you thought the Windows security picture couldnt get any worse, Microsoft confirmed Friday that source code from its well-worn Windows NT 4.0 and Windows 2000 operating systems had been leaked on the Internet.
On Feb. 10, the company announced two new security holes that affect all of the companys desktop and server operating systems, one of which is potentially as dangerous as the flaw exploited by last years MSBlast worm.
But the leak of source code raises the threat considerably for companies running Windows desktops and servers. While Microsoft is downplaying the immediate risk to its customers, theres plenty of reason to be alarmed.
While the source code that is now running loose in the wild is from Microsofts older operating systems—Microsoft stopped supporting NT 4.0 desktop systems and Windows 2000 is nearing the end—there are still large numbers of systems that run on them. More importantly, portions of the code may still be part of Microsofts most recent versions of Windows.
This creates something of a Cuban Missile Crisis for Windows user. Anyone interested in finding new security holes in Microsofts operating system might now be able to find vulnerabilities right in the source code. As a result, they could exploit those holes before Microsoft can issue a patch, and attacks could come without warning.