MS Duck and Cover

Just when you thought the Windows security picture couldn’t get any worse, Microsoft confirmed Friday that source code from its well-worn Windows NT 4.0 and Windows 2000 operating systems had been leaked on the Internet.

On Feb. 10, the company announced two new security holes that affect all of the company’s desktop and server operating systems, one of which is potentially as dangerous as the flaw exploited by last year’s MSBlast worm.

But the leak of source code raises the threat considerably for companies running Windows desktops and servers. While Microsoft is downplaying the immediate risk to its customers, there’s plenty of reason to be alarmed.

While the source code that is now running loose in the wild is from Microsoft’s older operating systems—Microsoft stopped supporting NT 4.0 desktop systems and Windows 2000 is nearing the end—there are still large numbers of systems that run on them. More importantly, portions of the code may still be part of Microsoft’s most recent versions of Windows.

This creates something of a Cuban Missile Crisis for Windows user. Anyone interested in finding new security holes in Microsoft’s operating system might now be able to find vulnerabilities right in the source code. As a result, they could exploit those holes before Microsoft can issue a patch, and attacks could come without warning.

The actual risk from the leaked source code may turn out to be negligible. People who do nothing to protect their companies may emerge unscathed. But until Microsoft confirms which code has been leaked, and gives a clear picture of the risk that the code places on its customers, there’s no telling what will get thrown at Windows systems, from where, or when. Times like these call for paranoia.

Here are a number of steps you can take right now to reduce short-term risk to your systems:

  • Patch everything pronto
    Make sure that you’ve got all your systems on a network up to the most recent set of Microsoft hot-fixes. That’s easier said than done; you’ll need to ensure that the patches don’t break any of your current applications. For anything that is broken by the patch, you’ll have to make the call–is this important enough to the company to risk leaving systems open to attack?
  • Tighten up your firewalls, both at the edges of your network and within it
    Take a hard look at the types of network traffic you’re letting pass through firewalls; if it isn’t essential to a critical application, then shut it down.
  • If you don’t have patch management software, get it
    If Microsoft is forced to pick up the pace of deploying fixes to security holes, then the task of manually managing the installation of fixes will become a major resource drain—and the longer it takes to roll out each new patch, the greater your window of vulnerability.
  • Watch your network traffic like a hawk
    Baseline the types of traffic on your network now, and watch for spikes that can’t be explained by normal application usage. One of the latest known bugs in Windows, for example, exploit the Windows Internet Name Service (WINS)–a sudden peak in WINS requests might indicate an attack.
  • Consider your options
    If you’re running an all-Microsoft infrastructure, this may be the time to consider adding some diversity to your infrastructure. Investigate whether you can move some applications to other operating systems as a backup or outright replacement. Weigh the cost of investing in training staff, migration of applications and additional systems management against the potential cost of an outage or loss of data; but remember the probability of that loss is now a lot higher.

    For some executives, these measures may seem obvious. But the damage done in the past year by threats that were already well known to the information technology community illustrates that people don’t always do what they obviously should.

    Feeling stuck in self-doubt?

    Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.

    Join Free Now

  • Picture of Sean Gallagher

    Sean Gallagher

    TRENDING AROUND THE WEB

    If you recognize these 7 signs, you grew up with very little positive reinforcement

    If you recognize these 7 signs, you grew up with very little positive reinforcement

    The Blog Herald

    8 things you’ll learn from living with a narcissist, according to psychology

    8 things you’ll learn from living with a narcissist, according to psychology

    Global English Editing

    If you really want to be a true alpha in life, say goodbye to these 7 behaviors

    If you really want to be a true alpha in life, say goodbye to these 7 behaviors

    Personal Branding Blog

    8 signs a friend is quietly jealous of your success in life, according to psychology

    8 signs a friend is quietly jealous of your success in life, according to psychology

    Small Business Bonfire

    If a man displays these 10 behaviors, he wants to spend his life with you

    If a man displays these 10 behaviors, he wants to spend his life with you

    The Vessel

    People who flourish in their later years tend to follow these 8 practices

    People who flourish in their later years tend to follow these 8 practices

    Jeanette Brown