32TB of Windows Source Code leaked on-line


Just when things started to go on a smooth path for Redmond’s Pie company regarding security (and not only security – multi platform, IoT, cloud) since Satya Nadella (really big thumbs up for his activity) was pointed as CEO, boom a big blow ….

A huge amount of data, 32TB to be close to reality, of Windows 10 core source code, prerelease Windows 10 "Redstone" builds and unreleased 64-bit ARM flavors of Windows, installation images and blueprints floating around the world wide web can be downloaded from betaarchive.com.

It is not sure where the leak comes from. Windows 10 leaks

The leaked code is Microsoft's Shared Source Kit includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Normal this type of stuff is accessible for Microsoft, hardware manufacturers, big OEM’s and partners  (probably the leak comes from one of them, or one of its employees  - that is my bet). The source kit is supposed to be available to only "qualified customers, enterprises, governments, and partners for debugging and reference purposes."

Considering that code runs at the heart of the operating system, at some of its most trusted levels, in the hands of wrong people this code makes an easy task to search for vulnerabilities which could be exploited to hack Windows systems worldwide. The confidential Windows team-only internal builds were created by Microsoft engineers for bug-hunting and testing purposes, and include private debugging symbols that are usually stripped out for public releases (for obvious reasons).

Apparently, it looks that is a bigger leak than the several million lines of code from around mid-2000 regarding NT4 and Windows 2000 which happened in 2004.

Soon, probably, the cyber-security field will be very active regarding Windows environment.

As a personal side note: considering how low is security in IoT environments (I see IoT as the future playground for hackers and cyber-bullies) and the good job that Microsoft made with his IoT framework (yes I know it is not perfect - regarding security - and is a good sales promoter for Azure services, but is one of the best at this moment and well structured) this leak is a big blow on security  and  particular on IoT ……

Featured Photo: Lee Campbell


comments powered by Disqus