Stolen Windows code not critical weakness

The source code leak from Microsoft is not as serious as first feared, security experts have advised.

Early indications are that the code that has been published will be of limited use to hackers. The 658MB which has been posted online in a compressed file makes up less than two per cent of the total source code for Windows 2000 and NT.

"I wouldn't be panicking too much," said Graham Titterington, senior analyst at Ovum.

"Understanding source code is a difficult job even for skilled hackers, and it's unclear how much good it will do them."

Hackers are most likely to be focusing on finding system code levels, where the operating system interacts with other data. This gives an idea of the data structures that are passed backwards and forwards by the operating system.

Meanwhile the search has begun for the source of the leak, with industry watchers suggesting that it may have resulted from the company's Shared Source Initiative (SSI).

"It's the SSI I'd point my finger at," said Professor Neil Barrett, technical director of Information Risk Management.

"Because of the SSI a lot of people have code. For a hacker looking for vulnerable systems to penetrate it would be a lot easier to go for a third party."

"There's a high probability this comes from a third party," agreed Ovum's Graham Titterington.

"Microsoft does share its source code fairly widely and this is a likely source."

In a statement Microsoft said: "Windows source code for Windows 2000, XP and Server 2003 have been available through the SSI to over 3,000 customers, partners and governments for the past three years.

"For more than 12 years we have been providing Windows source code to universities in order to facilitate research.

"Microsoft now provides source code for a range of products to more than 800,000 developers through the Shared Source initiative."