William P Genovese Jr, from Connecticut, offered to sell a copy of the stolen code on his web site and instructed buyers, including an investigator from Microsoft and an undercover FBI agent, to pay $20 into a PayPal account in order to gain access to the code.
Genovese, 27, was arrested on Tuesday and charged with the unlawful distribution of a trade secret. If found guilty he could face up to 10 years in prison and a $250,000 fine. He has not been charged with the initial theft of the code.
As soon as the leak was discovered, Microsoft called in the FBI, amid fears that the code could help hackers exploit potential vulnerabilities in the systems affected.
The software giant also launched an internal investigation into the leak and wrote to people downloading the code, warning that it was illegal to post the code, make it available to others, download it or use it.
It is the first arrest to be made in connection with the leak.