News Windows 2000 & Windows NT 4 Source Code Leaks

From Neowin:

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department

That's the whole article. There's a discussion about this at Slashdot if you'd like to take a look at further developments.


Wow. If this is true... Just... Wow. Imagine the implications that this could have - especially the people who are developing VM's to run Windows proggy's under Linux. From what I gather, there is a file out there called "Windows.Source.Code.w2k.nt4.wxp.tar" which supposedly contains the source code...

 

If Microsoft could prove that your code was influenced by what you'd seen in theirs, you could be in for some serious legal problems. Even if they couldn't prove it, just a lawsuit would be trouble enough.

 

The code would have to be very close to theirs. This is something linux is very good about (generally speaking)... finding faster, better, effecient, completely different ways of doing the same things the original code did (see: SCO/UNIX)

This is going to get VERY interesting if it's true. /me prays, jumps for joy, and hides for his safety.
Man...

Edit: Contact me for more info I'm not going to say I'm dling it, but I might know how to get it...

Edit2: File listing Here

Edit3: (00:19 GMT)
http://www.eweek.com/article2/0,4149,1526390,00.asp
http://www.infoworld.com/article/04/02/12/HNmicroleak_1.html
also pictures of the zip directory
http://www.xs4all.nl/~reije081/xp00.png
http://www.xs4all.nl/~reije081/xp01.png

 

Allthough this is devistating news for microsoft and anybody owning a copy of 2k or NT (and possably any other OS baised upon the two), just think of the good things that could come from this (for microsoft). I mean, if they are doing this themselfs, I commend them, as this would have to be the best damned marketing ploy for a new version of windows. Think about it, you have a few hundred thousend people using one of your operating systems and they refuse to upgrade, thus causing you to lose money (in a company that is slowly seeing a loss in sales), so what do you do? You make all previous versions of your operating systems so vonerable that a 6 year old could completely wipe out your system with the stroke of a few keys. And I'll bet ya a few months from now, once a ton of exploits come out for 2k and NT, microsoft will release another OS, and they'll claim they've made it bulletproof, and that it is completely it's own system, and nothing like the previous "vonerable" systems we're. I say not poor microsoft, I say damn good move microsoft. Ponder upon it.

 

Let's just say a little birdie showed me very detailed pictures of everything about it...

It's definitely real. Only partial, but real.

 

Isn't Kaz.... Err I mean, arn't little birdies wonderful? Anyways, if it is true, then I believe 100% that it was infact leaked by microsoft as a ploy to get people to upgrade. Makes perfect sense to me, what about you?

 

There are two ways it would make sense for M$ to release it.
If:
A) They have a new OS ready, ground-up.
B) Longhorn will patch all of the holes this opens up.
Note that both of these are unlikely

Another possibility I see is some kid at microsoft and/or at one of the schools with rights to the source want M$ to build a new OS from the ground up and this is the only way to show Bill that his code from 1990 isn't worth much anymore...

Finally, my last theory is that this is Bill's way of hitting below the belt in his fight against Open Source. He'll say that the Open Source community stole the code and/or that some kind of "operative" for the Open Source community leaked it from within M$ and/or one of the schools with rights.

These are my thoughts, I think we'll see M$'s official stance in the morning (around 3-5PM GMT)... if they don't give an official stance when they open, we'll know there are problems. I'm beginning to wonder what their stocks are going to do at open...

 

I was talking about this on #bit-tech earlier. If you are involved in any OSS project I suggest you stay far far away from this.

It's unfortunate because no white hats have the right to go in there and look around, even send Microsoft a fix or two. However black hats will most likely tear it up and probably find some pretty nasty flaws in the code.

I guess I should probably fix Gentoo or stick to fBSD for a while .

 

I was planning on sticking SuSE for the next couple months...

As for white hats not being able to deal with it, I would suggest otherwise. White hats have been telling M$ about possible holes for years... M$ just usually choses to ignore them... If you see a massive hole you want to tell M$ about, do it anonymously (very very anonymously)...

But I do agree, black hats will be taking a great advantage of this oppourtunity. Going to be a very dreary month or two for windows users...

 

Wow, I finaly found a reasion I'm going to enjoy unplugging for a while



Hey! Heres a thought, we all know how to fix computers right, what happens when, say, 200 million or so computers all go down at the same exact time, and most of them needing desperately to be fixed, why don't we just fix them? Why don't we get the money? Mucho paeso.</bad_mexican_accent>

 

Just as a thought, what I "See" on that "File Listing" appears to be parts of the Shell, and parts of IE's rendering engine, as well as file handlers.

Wasn't this stuff forcibly disclosed to NDA signees as part of the MS Vs DOJ antitrust action?

Maybe someone in the DOJ (Or one of the other third parties) has taken it upon themselves to "Rip MS a new one"...

In other news, SCO finds offending, unlicensed code in leaked Windows source. News at 11!

 

This could seriously **** up XP users too cause its based on some 2k technology. Imagine the influx of virii and secuirty problems! Mebbe time to learn how to use slackware..

 

i have this too, but i decded to delete it seen as peerguardien was going over crazy with the fbi, but now i cant delete the "private" folder :O

 

Just looking through the 'File List' which 'Doesn't Exist', and notice quite a few .EML Files... Chances are there probably virii perhaps? As the names which there called I don't quite fit into the structure of the code, ie,

cv (2).eml
words of wisdom from dennis.eml
desktop.eml
letter to children - 2.eml

and so on...

I know this is something i WON'T be downloading, even though some people I know can 'obtain' this...

 

Call the spelling police!! That'll be 'vulnerable' . . .

Sorry to be pedantic but I can't help it.

 

Hmmm! I wonder how all this will pan out then, shame it's not the entire source, although I won't be going anywhere near it

So Bill, if your code is so good, you won't have anything to worry about, right?

 

Not unless it was coded using Microsoft C++ PlaySchool Edition, which, to be honest, sounds more like it!

It's not security holes which there finding, its that damned Triangle Window!!

 

It's spelt viruses.

It's spelt viruses. I'll ignore the mistake with "security".

The source code for MS Paint is in there somewhere... neat

 

LMAO! Adobe will be after it!
'doc

 

It sure is... and as for those .eml files... they're all 0 bytes I've heard?? Can a file exist and show itself as 0 bytes and not open in a hex editor (it crashes supposedly )

Edit: Also, I'm told there's a:
\private\windows\shell\security...
\private\security...
\private\genx\security...
I'm too lazy to look it up in the list above, but if someone wants to see...

This is some crazy stuff if you ask me. But one could easily make the clock run backward (the analogue one that opens when you double-click the clock on the taskbar), I'm told.

You know, the really sad thing is, no one's seen any code dated newer than 1997... and there's some as old as...
1989
rediculous if you ask me.

Random thought: I wonder why M$ hasn't blamed the open source community yet... it's 7:30 there... guess they're waiting till 8?


Edit again: I don't mean to threadjack, but compare
http://www.cnn.com/2004/TECH/internet/02/13/microsoft.code.ap/index.html
and
http://www.wired.com/news/technology/0,1282,62282,00.html?tw=wn_tophead_4

Whose article IS that? /me searches for other news sources using the same article