Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    First Fallout from Code Leak Hits the Web

    By
    David Morgenstern
    -
    February 16, 2004
    Share
    Facebook
    Twitter
    Linkedin

      A security company on Monday alerted clients of a new vulnerability to Internet Explorer 5, one attributed to the recent leak of Microsoft Corp. Windows source code. The quick attack appears to contradict some optimistic expectations that the recent leak of Windows 2000 and NT code would not pose a significant opportunity for hackers.

      In a statement released late on Monday, the company said it was investigating the reported exploit, but added that “This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer—Internet Explorer 6.0 Service Pack 1.”

      According to a message posted by SecurityGlobal.net LLCs Security Tracker Web site, a vulnerability was reported in Microsoft Internet Explorer Version 5 that lets a “remote user execute arbitrary code on the target system.”

      A hacked bitmap file can trigger an integer overflow and execute arbitrary code, the security bulletin said.

      The author of the warning said that this flaw was uncovered by reviewing the recently leaked Windows source code.

      “I downloaded the Microsoft source code. Easy enough. Its a lot bigger than Linux, but there were a lot of people mirroring it and so it didnt take long,” observed the anonymous programmer in his warning.

      The code is a portion of source from Windows NT 4.0 and Windows 2000 that made its way onto the Internet Thursday.

      “IE6 is not vulnerable, so I guess Ill get back to work. My Warhol worm will have to wait a bit…” wrote the author of the warning.

      The Redmond software company noted that it is continuing to work with the Federal Bureau of Investigation and other law-enforcement officials to investigate the source leak.

      According to the Monday statement, company officials reiterated the companys position that: “Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property.

      “Questions about the investigation should be referred to the FBI,” the statement added.

      Several analysts had predicted no immediate threat from the source code leak, since the amount of code presented on the Internet was limited.

      However, in comments offered on Friday, Ken Dunham, malicious-code manager at iDefense Inc., based in Reston, Va., said that vulnerabilities in the older Windows would likely be much easier to discover and exploit now after the leak of the source code.

      “There are a lot of implications to this. The situation just got a lot worse, in terms of vulnerabilities,” he said in an interview with an eWEEK reporter. “I imagine well be seeing a lot more this year because of this. Theres certainly enough in [the leaked code] to play with.”

      /zimages/1/28571.gifSecurity Center Editor Larry Seltzer said the release of Windows source code offers a novel, if widespread, laboratory to test the relative security claims of Windows and open-source operating systems. Click here to read more.

      This warning follows a string of recent vulnerabilities concerning Internet Explorer. Earlier this month Microsoft released a cumulative patch covering a dangerous Internet Explorer vulnerability that let attackers trick customers into visiting malicious sites.

      Dennis Fisher, eWEEK, contributed to this story.

      /zimages/1/28571.gifCheck out eWEEK.coms Security Center at security.eweek.com for security news, views and analysis.

      (Editors note: This story has been updated since its original posting to include comment from Microsoft.)

      David Morgenstern
      David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.He can be reached here.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×