Microsoft Responds to Security Issue

REDMOND, Wash., October 29, 2000 — Microsoft is working with law enforcement to resolve a situation — and to apprehend the person(s) responsible — in which a hacker gained access to certain parts of the company’s internal corporate network. The company has issued the following update:

“Our ongoing investigation has continued to narrow the scope of this situation. Microsoft security became aware of the illegal activity shortly after it first occurred and tracked the hacker’s attempts to expand his unauthorized access to our network over a 12 day period from October 14 to October 25.

“As we stated earlier, there is no evidence that the intruder gained access to the source code for Office or any Windows products. There is no evidence to suggest that any of Microsoft’s online services have been or will be affected by the incident, and we have no reason to believe that any customers have been or will be affected in any way. The security breach did not involve a security vulnerability in any Microsoft product.

“Also as stated earlier, the hacker may have viewed some source code under development for a future product. We remain confident based on all the evidence that no code has been modified or corrupted in any way.

“Due to the ongoing criminal investigation and our desire to apprehend the person(s) responsible, we cannot comment further on any details of this investigation. We appreciate the interest in this situation and will provide further information as appropriate.”

Related Posts

Ensuring Trusted Web Services

An XML filter, provided as free download “sample code,” plugs into Microsoft ISA Server, filtering Web services data at the application level to create better, more trusted Web services.