On Thursday, February 12, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Subsequent investigation has shown this was not the result of any breach of Microsoft’s corporate network or internal security, nor is it related to Microsoft’s Shared Source Initiative or its Government Security Program, which enable our customers and partners, as well as governments, to legally access Microsoft source code.
Microsoft continues to work closely with the U.S. Federal Bureau of Investigation and other law enforcement authorities on this matter. Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property. Questions about the investigation should be referred to the FBI.
On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer—Internet Explorer 6.0 Service Pack 1.
We are committed to helping our customers protect their networks and will take all appropriate steps to meet this commitment. Microsoft continues to recommend that customers stay up to date with the latest security updates and service packs. Customers running Windows 98, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP should upgrade to the latest version of Internet Explorer, Internet Explorer 6.0 Service Pack 1, with all updates at http://windowsupdate.microsoft.com. Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted because Windows XP Service Pack 1 and Windows Server 2003 both include Internet Explorer 6.0 Service Pack 1.
For security guidance, best practices, and ongoing updates, business customers should go to http://www.microsoft.com/security. Consumers should go to http://www.microsoft.com/protect to help them protect their PCs and to easily enable automatic updates.