Yesterday morning, one of my Microsoft contacts popped open an Instant Messaging (IM) window and asked me whether I'd seen something he discovered online. He then showed me part of the Windows 2000 source code called WINVER.C, which was dated March 8, 1989. Within minutes, I was examining this and other source-code snippets, including one Windows NT architect David Cutler wrote. Within hours, the word was out: Partial source-code listings for Win2K and NT 4.0--the crown jewels of software code that are used to assemble those OSs into actual working software--had been leaked to the Internet. The IT world was suddenly abuzz with the potential ramifications of the leak.
Microsoft finally acknowledged the leak. "On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet," the company wrote in a statement issued late yesterday. "It's illegal for third parties to post Microsoft source code, and we take such activity very seriously. We are currently investigating these postings and are working with the appropriate law enforcement authorities. At this point it does not appear that this is the result of any breach of Microsoft’s corporate network or internal security. At this time there is no known impact on customers. We will continue to monitor the situation."
The Win2K portion of the source code is almost 700MB and includes more than 30,000 files but is reportedly just part of the code a person would need to assemble the bits into a working OS, assuming that person could also somehow conjure up the appropriate build procedure. (Microsoft says that the 30,000 files that have leaked are about 15 percent of the full source code.) And although the buzz about this leak will be huge for a few days, just about everyone should realize that the leak was inevitable. In recent years, Microsoft has opened its source code to educators, governments, and IT professionals in a bid to remove any latent fears about the company hiding suspicious functionality in its proprietary systems. Furthermore, experts who have already viewed the source code say that much of it appears to be code for Microsoft Paint, the free imaging application that ships in various Windows versions.