No Rumor: Windows Source Code Loose on the Net
UPDATED: Reports online late on Thursday circulated that the source code for Windows 2000 and Windows NT4 had been posted to an Internet download site. Microsoft denied the leak, but said the company is investigMicrosoft Corp. officials confirmed late Thursday that a portion of the source code for Windows NT and Windows 2000 has been posted on the Internet. The company said it did not believe the posting was the result of a security breach, which means that it is likely that someone who had a legitimate copy of the code is responsible for the leak. "On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Its illegal for third parties to post Microsoft source code, and we take such activity very seriously," the company said in a statement. "We are currently investigating these postings and are working with the appropriate law-enforcement authorities. At this point it does not appear that this is the result of any breach of Microsofts corporate network or internal security. At this time there is no known impact on customers." Having even small portions of the Windows source code freely available online is a nightmare scenario for Microsoft. The potential for piracy is lessened somewhat by the fact that a complete copy of the code isnt available. However, experts say that the real concern at this point is the damage that could be done by crackers who find unknown vulnerabilities in the code.
"Vulnerabilities in Windows NT and Windows 2000 will likely be much easier to discover and exploit now that the source code has been leaked to the Internet. This has increased the threat level for anyone using Microsoft Windows 2000 or NT, causing organizations to step up security measures and embrace predictive and rapid response intelligence systems," said Ken Dunham, malicious code manager at iDefense Inc., based in Reston, Va.