Last updated: Feb. 20, 2004, 12:00 p.m. PST
REDMOND, Wash., Updated, Feb. 20, 2004 — On Thursday, February 12, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Subsequent investigation has shown this was not the result of any breach of Microsofts corporate network or internal security, nor is it related to Microsofts Shared Source Initiative or its Government Security Program, which enable our customers and partners, as well as governments, to legally access Microsoft source code. Microsoft reaffirms its support for both the Shared Source Initiative and the Government Security Program.
Microsoft continues to work closely with the U.S. Federal Bureau of Investigation and other law enforcement authorities on this matter. Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property. These actions include communicating both directly and indirectly with those who possess or seek to possess, post, download or share the illegally disclosed source code.
Specifically, Microsoft is sending letters explaining to individuals who have already downloaded the source code that such actions are in violation of the law. Additionally, Microsoft has instituted the use of alerts on several peer-to-peer clients where such illegal sharing of the source code has taken place. These alerts are designed to inform any user who conducts specific searches on these networks to locate and download the source code that such activity is illegal.
Questions about the ongoing investigation should be referred to the FBI.
On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer -- Internet Explorer 6.0 Service Pack 1. Customers running Windows 98, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP should upgrade to the latest version of Internet Explorer, Internet Explorer 6.0 Service Pack 1, with all updates at http://windowsupdate.microsoft.com . Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted by this reported exploit because Windows XP Service Pack 1 and Windows Server 2003 both include Internet Explorer 6.0 Service Pack 1.
We are committed to helping our customers protect their networks and will take all appropriate steps to meet this commitment. Microsoft continues to recommend that customers stay up to date with the latest security updates and service packs.
For security guidance, best practices, and ongoing updates, business customers should go to http://www.microsoft.com/security . Consumers should go to http://www.microsoft.com/protect to help them protect their PCs and to easily enable automatic updates.
Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.
Microsoft, Windows, Windows 2000 and Windows NT are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft's Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .