Microsoft is investigating how a file containing some protected source code to Windows 2000 was posted to several underground sites and chat rooms.

A spokesman said late Thursday that incomplete portions of Windows 2000 and Windows NT were illegally posted to the Internet.
“It’s illegal for third parties to post Microsoft source code,” spokesman Tom Pilla said. “We obviously take that very seriously.”

Microsoft said it is investigating how the code got on the Internet and is working with law enforcement. “We will take all appropriate legal actions as we move forward with the investigation,” Pilla said.

Pilla said that the company has no indication that the posting was a result of someone breaching Microsoft’s corporate network and said at this point there should be no impact on customers. As for the long-term security impact, Pilla noted that “this is not buildable or executable code…nor is it the complete source code.”

The 203MB file contains code from Microsoft’s enterprise operating system, but the code was clearly incomplete, said Dragos Ruiu, a security consultant and the organizer of the CanSecWest security conference, who has examined the file listing.

“It was on the peer-to-peer networks and IRC (Internet relay chat) today,” Ruiu said. “Everybody has got it; it’s widespread now.”

The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday is only a fraction of the full code base.

guys any plan to open sourceforge project?

more from [url=http://news.com.com/2100-7349_3-5158496.html?tag=nefd_top]News dot COm[/url]

---

Filed under: m$ - @ February 13, 2004 2:31 pm