SolarWinds hackers accessed Microsoft source code, the company says https://www.reuters.com/article/us-global-cyber-microsoft/solarwinds-hackers-accessed-microsoft-source-code-the-company-says-idUSKBN2951M9

And the MS statement on it https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/

Couple random thoughts on this:

First, Microsoft is not messing around when they say this. Access to Microsoft source code really doesn't critically affect the security of their products.

Sure, it makes reverse-engineering a bit easier, which is probably why the hackers went for it, but hackers can and already do reverse-engineer Microsoft products to look for bugs. In other words, MS customer products aren't security-dependent on the source-code's secrecy.

Next, read-only access via an internal website is a loooooong way from silently compromising the build process, update mechanisms, or code depots in a style similar to the core SolarWinds breach. That would be far more alarming, but no evidence these hackers got close to that.

Random aside: Microsoft already shares a *lot* of product source code with the governments of ~ 45 countries. Which among other things, makes it a lot *less* likely that silent backdoors or unauthorized additions to source code would go unnoticed. https://www.microsoft.com/en-us/securityengineering/gsp

And not the first time Microsoft has lost control of source code. Happened for MS-DOS 3.3, MS-DOS 6, NT 3.5, NT 5.0, CE 6 & 7, Windows 2000, Server 2003 and Windows XP already. The sky didn't fall then either.

So tl;dr is it's interesting in the sense that it confirms Microsoft was genuinely targeted by these hackers. But not not a similar category of intrusion or risk to customers as the rest of the SolarWinds event.

Random other aside: my sincere condolences to the hackers as they desperately try to work out how any of MS' insane build processes work.