Windows 10 Source Code Leaked Online
26.6.2017 securityweek OS
A portion of Microsoft’s Windows 10 source code was leaked online this week on an enthusiast website that tracks Windows releases.
The source code, which Microsoft already confirmed to be from the Shared Source Initiative, was supposedly accessible only to OEMs (Original Equipment Manufacturers) and partners.
The code was listed on enthusiast site Beta Archive, but was listed on a free private FTP where numerous archived Windows builds are also present.
As per the rules of the site, only beta builds that have been already superseded by newer releases are accepted, “sourced from various forum members, Windows Insider members, and Microsoft Connect members.” Core source code isn’t accepted on the site.
The leaked source code was stored in a FTP folder called “Shared Source Kit,” and Beta Archive removed it immediately after learning that it might contain sensitive data. Specifically, it removed the folder after an article on The Register came into focus, claiming that several terabytes of internal builds and core source code leaked online.
A Beta Archive admin named Andy also provided some explanation on this action, revealing that they decided to remove the folder from the FTP server, along with listings on the site, to review its content “just in case we missed something in our initial release.” The folder will remain offline until a full review is carried out and its content is deemed acceptable under the site’s rules.
The administrator also explains that the folder was only 1.2GB in size, and that it contained “12 releases each being 100MB,” thus being far smaller than “32TB as stated in The Register’s article.” Being this small, the folder could not possibly cover core source code, the admin also noted.
Apparently, Microsoft already had a look at the contents of said folder and determined that it did contain “a portion of the source code from the Shared Source Initiative.” This means that the code, although not publicly accessible, was already available to Microsoft’s customers looking to license it through the program.
According to Windows Internals Expert Alex Ionescu, only the source code in the ARM Shared Source Kit was leaked in the incident.
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">No source code has been leaked other than the ARM shared source kit.</p>— Alex Ionescu (@aionescu) <a href="https://twitter.com/aionescu/status/878379371135946752">June 23, 2017</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
The Register article also claimed that “top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public,” along with “prerelease Windows 10 "Redstone" builds and unreleased 64-bit ARM flavors of Windows” were also leaked on Beta Archive.
The site indeed lists a great deal of beta Windows builds, some of which weren’t accessible to the public at the time of their release, but accepts only defunct builds, which have been already superseded by newer ones. However, these builds were added to the site over time, and aren’t part of a single large leak.
However, a large number of builds were added on March 24, 2017, when some of the site’s users provided “a lot of Windows releases,” and the incident might be related to the recent arrest of two Britons for “unauthorised intrusion into networks belonging to Microsoft.”
The two supposedly hacked into Microsoft’s network between January and March this year, but no confirmation of a connection with Beta Archive has emerged. Referring to the arrests, the site’s admin said: “we don’t believe there is any connection with this alleged “Windows 10 core source code leak”.”