Microsoft is engaged in a "security review" of the Windows 2000 and NT 4.0 source-code that was leaked onto the Internet this month to assess if there's any risk for its customers as a consequence of the leak.
The code was checked prior to its commercial release, but Microsoft is taking another look at it with more modern review tools.
"Since the commercial release of the source-code that was leaked, more sophisticated tools and processes have been developed, and there have been numerous improvements in the security review process," the company said.
Analysts and security experts have warned that the Windows source-code breach could lead to an increase in cyberattacks because it would make it easier for hackers to find holes in the operating systems. However, the leaked code is old and many issues have already been fixed by patches and service packs.
One expert countered this last week when he claimed to have uncovered a security flaw in Internet Explorer (IE) 5 by studying the leaked code. Microsoft said the problem is a known issue that it had discovered already and fixed in IE 6.0. The company was investigating why the flaw was not patched in IE 5, which is used by millions of Internet users worldwide.
"In order to thoroughly determine whether or not our customers may be impacted by the unauthorized release of this source code, we are reviewing it again," Microsoft said. The company has not assigned a timeline to its review and has yet to decide how to respond to anything the review may uncover, according to the statement.
The company maintains that the leak has had no known impact to its customers.
Source code is pre-compiled code in the form of readable lines of text, usually with comments. It can be compiled into code that can run but can't be read. The Windows code on users' PCs is all compiled code.
Microsoft has not commented on how much of the Windows 2000 and NT 4.0 code was leaked, saying only that it is a portion. It has started an internal investigation into the leak and has called in the FBI.
Microsoft has also warned Internet users not to download the code because it is legally protected intellectual property.