Microsoft Source Code Leaked Over Web


Naples Air Center, Inc.
13th Feb 2004, 11:27
Stories are popping up all over the web that Microsoft was hacked and the source code for Windows is in the hands of hackers and being exploited:

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bear thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to Microsoft's Anti-Piracy department.

Get the stories here:

Microsoft Source Code Leaked Over Web (http://apnews.excite.com/article/20040213/D80M46CO1.html)

Exclusive: Windows 2000 & Windows NT 4 Source Code Leaks (http://neowin.net/comments.php?id=17509&category=main)

Windows 2000 & Windows NT 4 Source Code Leaks (http://slashdot.org/articles/04/02/12/2114228.shtml?tid=109&tid=187)

Richard

OneWorld22
14th Feb 2004, 06:15
Richard,

For people like myself who are not IT experts, what exactly does this mean?

Does it mean hackers could gain access to virtually any system worldwide? Banks, Gov agencies etc?

Could they even go as far as to shut down the WWW?

Naples Air Center, Inc.
14th Feb 2004, 06:31
OneWorld22,

With this Source Code in the hands of hackers, we will see a large number of security holes uncovered in NT, 2000, XP, 2003 (since a lot of the code is re-used).

Take Care,

Richard

ojs
15th Feb 2004, 08:19
Hey, OneWorld22, don't panic out there!.. Here are some reasons why:

(a) Remember that not all the world runs on Windows! In fact, many firms deliberately avoid Microsoft because of the large number of security breaches.

(b) Even if the source code were viewed by hackers, all they would have access to would be systems protected by Microsoft. Yes, potentially bad news - but nobody protects their business critical systems with only Microsoft Windows security.

So keep an eye on Windows updates, but don't panic!

swh
15th Feb 2004, 09:37
Considering MS gave the Windows code to the governments of Russia, China, and India, Ewe Kai, and others as far back as over a year ago, is this a Jackson style who let the wardrobe malfunction happen publicity for free advertising?

Considering one of the major threats acknowledged to national security is the widespread crashing of computer systems, letting the cat out of the bag to foreign governments to create havoc with would be far less than what some poor old 13 yr old hacker could come up with.

Smedley
15th Feb 2004, 09:39
I'm glad I didn't "Upgrade" from Windows 98.

Mac the Knife
15th Feb 2004, 14:33
/* Source Code Windows 2000 */

#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#include "backdoor.h"
#define INSTALL = HARD

char make_prog_look_big(16000000);
void main()
{
    while(!CRASHED)
    {
        display_copyright_message();
        display_bill_rules_message();
        do_nothing_loop();

        if (first_time_installation)
        {
            make_100_megabyte_swapfile();
            do_nothing_loop();
            totally_screw_up_HPFS_file_system();
            search_and_destroy_the_rest_of-OS2();
            make_futile_attempt_to_damage_Linux();
            disable_Netscape();
            disable_RealPlayer();
            disable_Lotus_Products();
            hang_system();
        } //if
        write_something(anything);
        display_copyright_message();
        do_nothing_loop();
        do_some_stuff();

        if (still_not_crashed)
        {
            display_copyright_message();
            do_nothing_loop();
            basically_run_windows_31();
            do_nothing_loop();
        } // if
    } //while

    if (detect_cache())
        disable_cache();

    if (fast_cpu())
    {
        set_wait_states(lots);
        set_mouse(speed,very_slow);
        set_mouse(action,jumpy);
        set_mouse(reaction,sometimes);
    } //if

    /* printf("Welcome to Windows 3.1"); */
    /* printf("Welcome to Windows 3.11"); */
    /* printf("Welcome to Windows 95"); */
    /* printf("Welcome to Windows NT 3.0"); */
    /* printf("Welcome to Windows 98"); */
    /* printf("Welcome to Windows NT 4.0"); */
    printf("Welcome to Windows 2000");

    if (system_ok())
        crash(to_dos_prompt)
    else
        system_memory = open("a:\swp0001.swp",O_CREATE);

    while(something)
    {
        sleep(5);
        get_user_input();
        sleep(5);
        act_on_user_input();
        sleep(5);
    } // while
    create_general_protection_fault();

} // main

Seriously, I don't think this is going to be a giant deal from the security point of view. It's only a part of the 2000 code anyway, not the complete mess. Sure, someone will find a few more unchecked buffers that could be exploited, but it's unlikely to drive a coach and four through the basic secrity (sic.) model.

I wouldn't be surprised if BillG had done it on purpose anyway for his own nefarious reasons. It poses a considerable problem for developers who may now have to prove that they haven't seen and inadvertently taken advantage of undocumented calls.

Calm down!