Microsoft is advising customers to move to Internet Explorer 6 Service Pack 1 and more recent patches following the leak of Windows NT and Windows 2000 source code to the Internet last week.
While downplaying the potential for hackers to uncover new vulnerabilities in Windows by having access to the source code, one top Microsoft Windows executive said during a monthly security briefing on Tuesday that customers using IE 5.x or IE 4.X versions should quickly download the latest IE code to protect their networks.
"Most of IE code is what was leaked," said Chris Jones, corporate vice president in the Windows Core Operating System Division, about the NT 4.0 and Windows 2000 code that leaked. "We don't believe [customers will be affected] so as long as they're current on the latest versions of IE. They need to move to IE 6 and security patches and service packs."
IE 6.0 Service Pack 1 was released during the fourth quarter of 2002 and is currently integrated into Windows XP Service Pack 1 and Windows Server 2003, Microsoft executives said. Jones also advised customers to access the latest security fixes and patches to address critical and important Windows and IE vulnerabilities, including a significant release earlier this month.
During the monthly security Webcast on Tuesday, Jones and Mike Nash, Microsoft's corporate vice president of the Security Business and Technology Unit, acknowledged Microsoft is actively investigating reports published over the weekend about a new IE vulnerability identified as a result of the leaked code.