Microsoft threatens code sharers but admits IE flaw

19 February 2004 Microsoft is following the example of SCO and the Record Industry Association of America by sending letters to individuals it knows have distributed copies of its leaked source code, warning them that they are in breach of copyright law.

But such measures may already be too late, as the Redmond, Seattle-based software giant has admitted that a vulnerability in an older version of its web browser software, Internet Explorer 5 (IE5), was discovered as a result of analysing the leaked Windows 2000 code.

Mike Reavey, security program manager for Microsoft, admitted the vulnerability, but added that the latest version of the browser, IE6, was not affected. Indeed, Microsoft programmers had been aware of the fault and fixed it in IE6.

Microsoft also took the opportunity to recommend that users of IE5 upgrade to more up-to-date software. It is estimated that between 10% and 15% of Internet users still browse with IE5.

However, the news will fuel security experts’ fears that the leaked code could result in a rash of security scares. Many were sceptical that Microsoft’s legal warnings would scare off serious hackers poring through the code for other vulnerabilities.

A statement from Microsoft on the illegal posting of its leaked code said: “Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property.”

As well as writing threatening letters, Microsoft has also posted warnings on file-sharing websites which could be used to distribute its code. Even searching for the code is illegal, the company claims.

The warning threatens those downloading and distributing the code with “severe civil and criminal penalties”. It goes on to make three demands: “cease making Microsoft’s source code available or otherwise distributing it; destroy any and all copies you may have in your possession; and provide us any and all information about how you came into possession of this code.”

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics