Massive Windows Code Leak confirmed by Microsoft

Last Friday, a bombshell report claimed that a massive leak of the Windows source code had taken place and was now available online. That leak — claimed to be 32TB — would represent an absolutely enormous amount of Windows code, dwarfing the Windows 2000 leak that occurred in 2004.

New details suggest that the leak may not represent the mammoth security breach initially implied.

The Register, which broke the story, claims that the code is from Microsoft’s Shared Source Kit and includes “the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.” The site goes on to note that this information can be scoured for security vulnerabilities, which could then be used to attack Windows from new vectors that weren’t previously known. That’s true, as far as it goes, and it’s one reason why security audits on source code are so important (and also extremely time-consuming and difficult).

But there’s been some pushback on just how large the leak is and what new data it contained. Rather than the 8TB upload that decompressed into 32TB, the owner of Beta Archive revealed that the source code upload was just 1.2GB, notes The Verge. The Shared Source Kit does contain private debug symbols and a great deal of information that Microsoft only shares with trusted partners. The leak also included the Windows 10 Mobile Adoption Kit, some Creators Update information (this would be data from builds that have already shipped), and some ARM-based information as well.

Microsoft has confirmed that the leak was genuine, but has not confirmed details on what was leaked or how much information was compromised. The Beta Archive site voluntarily removed the leaked material as soon as it realized what had been uploaded.

The bigger concern for Microsoft likely isn’t the data itself, but the fact that hackers penetrated its systems in the first place. Even if the 32TB quoted by the Register is incorrect, sensitive information normally shared only with trusted partners was briefly available to a much larger audience. Microsoft undoubtedly has questions about how that happened, and where the leaks came from.

Two men have been arrested in the UK for allegedly hacking into Microsoft’s servers. But it’s not clear if they’re accused of the data breach that led to this specific set of leaks. Microsoft has also remained mum on any new security measures it has taken or plans to take to prevent this from happening again.

*source: ExtremeTech.com

Related articles

Choosing the Right Ethernet Cable: CAT 6, CAT 7, or CAT 8?

Choosing the Right Ethernet Cable: CAT 6, CAT 7, or CAT 8?

If your organization wants to upgrade its Ethernet cables for better connectivity, it's important to understand the differences between the options available: CAT 6, CAT 7, and CAT 8. Ethernet cables help speed up data transfers between devices. That's why businesses...

7 Business Security Tips and Best Practices for the Holiday Season

7 Business Security Tips and Best Practices for the Holiday Season

The holiday season is a time of joy and increased business activity, but it also poses security risks that businesses must address. Cyberattacks and fraud attempts are more prevalent during this time. To help you protect your business and customer data, here are seven...

We Offer Comprehensive Services for Columbus Businesses

blue network cables

Network Cabling

We design, install, update and maintain voice & data networks.

Learn More →

Fiber Optics

Upgrade to fiber and accelerate your network to light speed.

Learn More →

VOIP System

Today’s VOIP delivers crystal clarity and call management.

Learn More →

WIFI Solutions

Add secure wireless network to your enterprise, SMB or coffee shop.

Learn More →

Security Systems

Protect your team and assets with surveillance,  recording, and alerts.

Learn More →

IT Services

Cloud Services, Managed ​IT Services and BITS rescue.​

Learn More →

error: Content is protected !!
Share This