Windows 2000 & Windows NT 4 Source Code Leaks

I posted this in the CPU forum but it's not generating much interest. So I thought I'd post hear.

Copied from Neowin.net

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.




http://www.betanews.com/article.php3?sid=1076632515


Microsoft Investigates Leak of Windows Source Code
By Nate Mook and David Worthington, BetaNews
February 12th, 2004, 7:35 PM


UPDATED Microsoft is currently investigating a potential severe security breach that has let loose onto the Internet source code for its Windows 2000 operating system. Portions of the code viewed by BetaNews contain a mix of library files, executables, text documents, scripts, and un-compiled code.

In addition, rumors have begun to circulate claiming that the source code to Windows NT4 has also gone astray.

It is currently unknown how much of the source has been compromised, and just how damaging its disclosure will be for Microsoft.

The claimed Windows 2000 source code archive contains 30,915 files totaling approximately 13.5 million lines. The source is dated July 25, 2000, placing it after the official release of the operating system, which was rumored to contain between 35 and 50 million lines of code in its entirety.

Early references to "Whistler" -- the code-name for Windows XP -- can be found in the files, which is consistent with the post-Windows 2000 time frame. An internal alpha version of Whistler leaked in March 2000.

A Microsoft spokesperson told BetaNews that the company was looking into this as a matter of due diligence. "At this time, all we have to say is the rumor regarding the availability of Windows source code is based the speculation of an individual who saw a small section of un-identified code and thought it looked like Windows code," the spokesperson said. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security."

Sources indicates the leak is valid, but incomplete. Comments -- which are added to track changes to source code during development -- refer to specific bugs, Microsoft employees, and even organizational charts. Product code names are abound, with references to Daytona, Cairo, and Memphis, as well as beta timetables. The archive contains graphics files for Windows 2000 and Internet Explorer 5.0 included in resource files, according to sources.

Comments such as, "potentially off-by-1, but who cares..." are buried within code for the Windows Taskbar. Sources tell BetaNews there is no reference that calls Netscape developers "Weenies," as was alleged in court documents. Other comments range from mundane technical jargon to all out profanity.

This is not the first time Microsoft has experienced a code leak. Incomplete source to Microsoft's DOS version 6.22 surfaced years ago, but received little attention due to its obsolescence.

Senior Jupiter Research analyst Joe Wilcox told BetaNews he was surprised by the news. "I find it hard to believe that source code would leak. After all, companies put source code under lock and key, typically with no outside access available. That said, a substantial leak would be devastating for Microsoft."

"A source code leak would present multiple problems for Microsoft," explained Wilcox. "First, the loss of valuable intellectual property worth hundreds of millions in development cost. Second, hackers could look for and exploit new security vulnerabilities. That could create credibility loss for Microsoft, as some businesses question the security of Windows. Finally, Windows NT and 2000 are the foundation of Windows XP."

If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

what are you talking about? this could be very bad news! you know how much easyer it would be to write exploits if someone had the source code to windows?

wpdclan.com cs game server - 69.12.5.119:27015
now featuring (optional) cheating death!

PF is the king of retarded links. He's just keeping his crown nice and shiny.

<font color=blue>War</font color=blue> <font color=orange>Eagle</font color=orange>

Well if you are 10 or so I'd just let it slide. No sence picking on the young they can be foolish and have lots to learn.

anyway thats why I asked.

BTW this no longer appears to be a roumor looks to be factual, not sure how much of the source code was leaked. The consquences of this could be far reaching to little at all, only time will tell but the potential is there and real. It all depends on how many have it and what they intend to do with it.

If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

What would be worse if people finally started giving a flying fuc|< about exploiting linux, since they have the "full" source code to it.

<pre> /\
|| (-: Fun with ASCII :-)
/\/\||/\/|
\ /
\______/
| |
| |
</pre><p>

Well it seems that linux needs a security patch now too. Its going to be interesting to see if these sort of attacks continue. On one side you have a whole lot of people working to fix the problems in linux. On the other side you have a corporation with people payed to fix the problems in windows. However I agree it would be interestig if Microsoft did start attacking linux in marketing and security attacks to try and limit its growth. And who is to stop them from doing it !

<pre> /\
|| (-: Fun with ASCII :-)
/\/\||/\/|
\ /
\______/
| |
| |
</pre><p>Thats not a bug, its an undocumented feature....