You may have read news reports today about a security incident involving the Microsoft corporate network. Here is some information on the incident and what Microsoft is doing about it. Microsoft Corporate Security recently became aware of a hacking incident on the Microsoft Corporate Network, and is moving aggressively to isolate the problem and ensure the security of the network. Although Microsoft Corporate Security is continuing to investigate the incident to determine its full scope, we have no reason to believe that any customers have been or will be affected in any way by the incident.
The best information we have suggests that the scope of the incident may have been much
narrower than originally reported. The hacker may have viewed the source code for a single
future product under development. Contrary to some reports, the product was not a major
product such as Windows ME, Windows 2000 or Office, and our investigation has confirmed that
it has not been modified or corrupted in any way. We have no evidence to suggest that the
hacker gained any other access to any other source code. Similarly, we have no evidence to
suggest that any of Microsoft’s online services have been or will be affected by the incident.
The security breach did not involve a security vulnerability in any Microsoft product. Microsoft is
implementing an aggressive plan to improve the protection of our internal corporate network --
both in the immediate term and in the long term -- and will announce some of these measures in
the near future.
Microsoft is a frequent target of network-based attacks, and Corporate Security actively works
to protect the network against them. Microsoft is working with US law enforcement authorities to
investigate this incident, and will take appropriate action when the responsible parties have been
In sum, this is a deplorable act of industrial espionage, but we anticipate that customers will be
unaffected by it. We are taking appropriate steps to deal with the immediate problem, and are
developing follow-on steps to prevent it from happening again.