But in a statement Microsoft said the reported exploit was in fact a known, patched, flaw: "This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer 6.0 Service Pack 1."Source: VNUnet
Security experts are still warning the stolen code could pose dangers, however. European security firm Ubizen warns that the code will increase the ability of hackers to identify vulnerabilities.
"The leak ultimately means that security holes can be more easily identified and exploited," said David Williamson, UK head of Ubizen.
"Without access to code, identifying a security hole is largely the result of guesswork and reverse engineering. Having access to the leaked code will mean that hackers can spot problems with the software more easily."
Microsoft: "Discovered exploit was already patched in IE6 SP1"
Posted on Tuesday, Feb 17 2004 @ 17:36 CET by Thomas De Maesschalck
Microsoft has responded to the claim from a hacker who had made an exploit for IE5 with the aid of the leaked Windows 2000 source code. Microsoft has investigated the report of the exploit for Internet Explorer and came to the conclusion that this leak was already discovered internally and patched in IE6 SP1.