13 February 2004 The raw source code for Microsoft Windows 2000 and NT 4.0 operating systems have been leaked and are spreading rapidly across ‘underground’ Internet chatrooms and peer-to-peer networks.
While the leak has raised fears that hackers could examine the code for potential security flaws, Microsoft has downplayed the risks and suggested that the source code in circulation represents less than 2% of the entire code base of the two operating systems.
Security specialists nevertheless remain concerned, as close inspection of the code by hackers may uncover security holes which could be exploited to gain access to corporate networks. A majority of Windows servers are still using Windows 2000 and NT 4.0 and it also provides the basis for the latest version, Windows Server 2003.
It is unclear when the code was stolen, leading to some wild speculation that the writers of highly damaging viruses targeted against Microsoft software, such as MyDoom and Blaster, may have had access to the leaked code.
The software giant maintains its own systems have not been breached, implying that hackers must have taken the code from one of the few partners that it allows to see its raw code. Microsoft is highly protective of its source code and fears competitors might steal its intellectual property. It has also based part of its attack against open source software on the supposed extra security that ‘closed source’ software gives.
A statement from Microsoft sought to reassure users: “At this time there is no known impact on customers. We will continue to monitor the situation.”