Windows Source Code Leak?
 

http://news-content.search.com.com/search?nodeid=7349
http://www.eweek.com/article2/0,4149,1526390,00.asp
http://www.infoworld.com/article/04/...croleak_1.html

Microsoft probes possible Windows source code leak

By Joris Evers, IDG News Service February 12, 2004

Microsoft is investigating rumors that the secret code underlying its Windows NT and Windows 2000 operating systems has leaked out and is available on the Internet, a company spokeswoman said Thursday.

The supposed leak was reported by Microsoft enthusiast Web site Neowin.net, which called it "shocking and potentially devastating news." The source code of the two OSes (operating systems) are rumored to be spreading on a peer-to-peer file-sharing network as well as on IRC (Internet relay chat).

"The rumor regarding the availability of Microsoft source code is based on the speculation of an individual who saw a small section of unidentified code and thought it looked like Windows source code. Microsoft is looking into this as a matter of due diligence," the spokeswoman said.

IDG News Service was shown Web pages that appear to contain a directory listing of the packages of Windows 2000 and Windows NT source code, as well as some actual source code that appears to be part of the Windows NT Task Manager. The contents of the pages could not immediately be verified.

If the source code for Windows 2000 and Windows NT has indeed been leaked, the ramifications would be far reaching. A breach of the code could expose users to an increase in cyberattacks because it would make it easier for hackers to find holes in the operating systems that they can exploit. It would also mean that Microsoft's closely guarded intellectual property is now out in the open, said Joe Wilcox, a Washington, D.C.-based Jupiter Research senior analyst.

"I would consider it fairly unlikely that the Windows 2000 and Windows NT source code has leaked. However, if any source for either operating system were to leak on the Internet it would be devastating for Microsoft," he said.

This would not be the first time that Microsoft faced a leak of its source code. In 2000 it confirmed that outsiders had accessed some of the code underlying a version of Windows as well as Office.

I haven't come across these files either on IRC or P2P networks so far. And if the said source is authentic, boy were in for a rough ride.

Re: Windows Source Code Leak?
 

:uu:

Riiiiight....

Have a look, if you can find it...

Source

Windowsbeta.Net has noticed that the Windows 2000 Source Code is spreading wild over the internet. Here are some info:

Filename: Windows.Source.Code.w2k.nt4.wxp.tar
Size: 195 MB
Source File List: here

Windowsbeta.net does NOT encurage people to download the source. Downloading the source is illegal.

It seems that the first exploit based on findings from the leaked source code has already been created.

- tg :WA:

Yup, that's the first of many to come(?). And I myself know many people still running IE5. It's fairly easy for an attacker to send an email with a bmp attachement and the user with preview mode on by default, could inadvertently open it in Outlook Express (which uses the IE rendering engine). Pw3n3d.

And you won't even believe the kind of things people do by the way of handling attachments. Just the other day, I was on the phone with this dude that downloaded a malware exe from Yahoo! webmail on to the desktop, from an entirely unknown source, merrily double clicked and watched the fireworks fly. ;)

Included is source to Winsock, which means we can probably expect all kinds of low level network exploits (if there are any holes that is), not just the relatively cheesy BMP loader exploit that is currently floating around. Amusing how quickly these exploits are coming; MS had years and years to look at their code, and they are always saying how secure Windows is. Yeah, we'll see about that.