Someone has leaked what appear to be source code files for operating systems Windows XP and Windows Server 2003.
On the image-based bulletin board 4chan, the files were leaked and they can also be downloaded from file sharing platforms and from torrents. There are tens of gigabytes of files and they also tend to contain source code for older Microsoft operating systems (MS-DOS, Windows NT, Windows CE, Windows 2000), Xbox-related recently leaked files, and conspiracy theories from Bill Gates.
— DEY! (@RoninDey) September 24, 2020
One user reported on 4chan that these files have been “running around for several years now privately.”
The Windows XP and Windows Server 2003 source code files seem to have been made available for the first time. Several people say that the code seems genuine and one enthusiast of infosec points out that for the SP1 update, the leaked Windows XP code appears to be.
Years back, Windows XP and Windows Server 2003 have hit the end of life and end of service. However, Windows XP is still operating on approximately one quarter of computers worldwide, which corresponds to tens of millions of PCs, according to some recent reports.
From a security viewpoint, while the Windows XP source code may be useful for discovering any new bugs in the operating system, threat actors have plenty of known exploits to chose from if they choose to attack computers running Windows XP.
However, others found out that portions of the code in Windows XP possibly made it into Windows 10 as well, which may have more significant repercussions.
The source code for Windows operating systems, on the other hand, is not a tightly kept secret, as others have pointed out. Microsoft has given Windows source code access to several organisations , particularly for transparency purposes. It’s also worth remembering that a few years back, some Windows 10 source code was leaked online as well.
Nevertheless, in the leaked files, several people still appear to have discovered “important material”.
That leak is already turning up some interesting stuff, like the NetMeeting user certificate root signing keys. pic.twitter.com/yAv7shpJXA
— Graham Sutherland (Polynomial^DSS) (@gsuberland) September 25, 2020