Microsoft Is ‘Investigating’ the Windows XP Source Code Leak

Last week, the source code of Windows XP, an outdated Microsoft operating system, was leaked online, giving rise to security concerns in Windows 10, which uses legacy code from Windows XP.

September 28, 2020

A security researcher predicts PCs still running Windows 10 are susceptible to malicious attacks.

Microsoft is known to run a pretty tight ship when it comes to the end-user agreements and licensing for its software products. Yet, its operating systems (OS), productivity suites and client software are subject to wide-scale piracy globally. However, it has always managed to fend off attacks from threat actors who want to get their hands on the source code. Not anymore, it seems.

As reported by Verge, Microsoft’s source code for Windows XP and Windows Server 2003 was leaked online on Friday and the files are available through a torrent on image-sharing forum 4chan.

Besides Windows XP, the leak also contains the source code of the following: 

  • Windows Server 2003
  • MS DOS 3.30
  • MS DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

Infosec researcher and reverse engineer Greg Linares confirmed the legitimacy of the Windows source code on Twitter.


This is reportedly the first time source code for Windows XP has leaked on the internet. The hacker behind the leak posted the entire contents, totaling 43 GB in size, in the form of a torrent file over popular image-sharing forum 4chan. According to Hacker News, the hacker behind the leak said, “I created this torrent for the community, as I believe information should be free and available to everyone, and hoarding information for oneself and keeping it secret is an evil act in my opinion.”

Throwing shade on Microsoft’s commitment to open source, the hackers commented, “Then I guess they’ll love how open this source code is now that it’s passed around on BitTorrent.”

At its most basic, source code is a set of human-readable instructions and statements written by a programmer/developer using a programming language. This code is at the center of what the computer does; a compiler translates it into machine language. As one can imagine, source code tells a computer exactly what it needs to do.

Technical support and assistance for Windows XP was discontinued by Microsoft in 2014, although it still powers just over 1% of the total computers worldwide. This means it is still running on millions of computers. If that’s not concerning enough, the OS lends parts of its security-relevant code to Windows 10, the most popular OS presently. Malicious actors can learn about the bugs in the Windows XP codebase and replicate them to exploit Windows 10.

A portion of the Windows 10 source code was also leaked a few years ago. It is unclear whether the present leak, along with that of 2017, will raise any additional problems for Windows 10 users. But since the 2017 Windows 10 leak was not publicly accessible, it is unlikely to result in a spate of malicious activities. 

Security protocols used in Windows XP are shared with Windows 10, making it susceptible to cyberattacks. Security researcher Graham Sutherland says he already found the user certificate root signing keys for NetMeeting, a VoIP and videoconferencing client, in the source code.

The leak also revealed how the Redmond giant tried imitating macOS through an Apple-looking theme.


Aside from the security risks stemming from the 20-year-old OS, the leak contains files that look more like targeted disinformation campaigns against Microsoft. Oddly enough, among the contents of the leak are conspiracy theories regarding Microsoft co-founder and former CEO Bill Gates. Tucked inside the files is a documentary Bill Gates’ Plan to Vaccinate the World, probably intended as a part of a disinformation campaign against him. The leak also includes another documentary The Code: The Story of Linux, suggesting that ideological differences could have inspired this malicious act.

Microsoft told BleepingComputer that they “are investigating the matter.”


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis
