UPDATE: Microsoft confirmed late Thursday that portions of Windows 2000 and NT operating systems’ source code “were illegally made available on the Internet.”
The company said it’s illegal for third parties to post Microsoft source code, “and we take such activity very seriously. We are currently investigating these postings and are working with the appropriate law-enforcement authorities.”
The company said at this point it does not appear that this is the result of any breach of Microsoft’s corporate network or internal security. “At this time there is no known impact on customers. We will continue to monitor the situation.”
The confirmation came after rumor sites lit up Thursday over an item on NeoWin, a tip sheet site, which reported that Windows 2000 and Windows NT source code were leaked and available on the Internet. According to the NeoWin posting, “two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT.”
Microsoft said the company had not pinpointed the source of the leak.
IDC research director Al Gillen said too many questions remain unanswered at this point, such as which part of the code was compromised and what form it was in. “That all has to be answered before you can even start to assess how serious it is for Microsoft,” Gillen told internetnews.com. He pointed out that the entire application contains some 40 million lines of code. “I don’t think that someone is going to zip that up and send it around.”
There could be plenty of suspects on the source of the leak. More than 50 universities participate in the Microsoft Shared Source Initiative (SSI), which makes parts of the operating system code available to select developers.
Microsoft’s SSI makes various portions of code available to academics and students in the hope that they might choose to work with it instead of or in addition to open source.
There are two real threats to Microsoft if substantial code has been leaked, according to Yankee Group senior analyst Laura Didio: even worse security for Microsoft applications and bootleg copies of the software being passed around.
Other implications, according to online security experts, are that attackers may be able to more easily craft vulnerabilities and other attacks against Windows 2000 and Windows NT operating systems.
John Watters, CEO and chairman of network security firm iDEFENSE, said as a result of the leak, vulnerabilities will surface at a much faster rate.
“Companies need to actively monitor potential and emerging exploits and threats against their networks. Microsoft will undoubtedly implement a quicker patch release schedule,” he said in a statement.
Ken Dunham, director of malicious code intelligence at the firm, said the integrity of the leaked files, outside of Microsoft, cannot be verified. Still, he said the incident has increased the threat level for anyone using Microsoft Windows 2000 and Windows NT.
Didio told internetnews.com that valid threats are on the increase because the people creating the attacks are more sophisticated — and the technology is more available.
Even if the intercepted code were limited to the 100 million aggregate lines distributed as part of Microsoft’s Shared Source program, Didio pointed out that that might be enough to modify and launch future attacks.