Microsoft updated its official statement yesterday regarding the partially leaked source code for Windows 2000 and Windows NT 4.0, noting that the company is investigating reports about an exploit of the Microsoft Internet Explorer (IE) version that originally shipped with Win2K. Separately, Microsoft acknowledged that the leak came from Israeli developer Mainsoft, which has had access to the Windows source code for years. Microsoft hired Mainsoft 4 years ago to investigate porting key applications such as IE and Microsoft Office to Linux.
"Investigation has shown \[that the source code leak\] was not the result of any breach of Microsoft's corporate network or internal security, nor is it related to Microsoft's Shared Source Initiative or its Government Security Program, which enable our customers and partners, as well as governments, to legally access Microsoft source code," the Microsoft statement says. "Microsoft continues to work closely with the US Federal Bureau of Investigation \[FBI\] and other law enforcement authorities on this matter. Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it, or use it. Microsoft will take all appropriate legal actions to protect its intellectual property. These actions include communicating both directly and indirectly with those who possess or seek to possess, post, download, or share the illegally disclosed source code."
According to reports, the Win2K and NT source-code leak originated with a PC used by Mainsoft Director of Technology Eyal Alaluf, who's refusing contact with the media. Alaluf works at Mainsoft's Israel-based R&D center, the group that worked on the aforementioned Linux ports of Microsoft software. Officially, Mainsoft says only that it's cooperating fully with Microsoft and the FBI, which is running the investigation.