Microsoft spokesman Tom Pilla said in an interview with The Associated Press that some incomplete portions of the Windows 2000 and Windows NT 4.0 source code had been "illegally made available on the Internet."
Access to the source code could allow hackers to exploit the operating system and attack machines running some versions of Windows. Several versions of the operating system, including the ones containing leaked code, are used on hundreds of millions of computers worldwide.
Such access could also provide a competitive edge to Microsoft rivals, who would gain a much better understanding of the inner workings of Microsoft's technology.
The company was made aware of the leak Thursday and was investigating, Pilla said. He did not know how much of the code had been leaked, when the leak occurred or how many people might have gained access to it. The company could not immediately pinpoint the source of the leak, and has contacted law enforcement authorities, he said.
Pilla said there was no indication the leak was a result of a breach of Microsoft's corporate network. There was no known immediate affect on Microsoft customers, he said.
Microsoft has previously shared some of its source code with some companies, U.S. government agencies, foreign governments and universities under tight restrictions that prevent such organizations from making it publicly available. But the company has argued that the blueprint to its operating system is proprietary, and shouldn't be made public.
Still, because some people outside Microsoft have had access to the code, analysts said it wasn't too surprising for such a leak to occur.
"I don't understand why it hasn't happened sooner, because there are so many (organizations) out there that have access to the source code," said Marc Maiffret of eEye Digital Security Inc., of Aliso Viejo, Calif.
But analysts and security experts cautioned that it was hard to assess the potential damage the leak could cause, since so few details were available.
"Frankly, I'm not sure anybody can fully assess that, other than Microsoft," said Al Gillen, research director for systems software at research group IDC.
The leak could put more Windows users at risk because it opens the door to more people finding vulnerabilities in Microsoft's code - and using them in malicious ways, Maiffret said. That could, in turn, wreak havoc on Microsoft's ability to respond with fixes in a controlled manner.
But he cautioned that it was too early to say whether such a major threat existed.
Some experts said it seemed more likely the leak could be most valuable to Microsoft rivals.
"What people could learn from it has the potential to make other organizations that are building competing products ... make products that can compete with (Microsoft) more effectively," Gillen said.
But others noted that the greatest damage may be to Microsoft's reputation.
"It seems unlikely this is going to create a material, significant security problem," said Rob Enderle, a technology expert and principal analyst with the Enderle Group. "It's more embarrassing than anything else because it makes it look like Microsoft can't control its code."