Windows XP Source Code leaked

[German]The source code for Windows XP SP1 and other versions of the Microsoft operating system was leaked a few hours ago as a torrent. The source code should be a treasure trove for people looking for vulnerabilities in Windows.


On Twitter a good 8 hours ago there were probably first hints of the kind “The Windows XP source code was leaked online today” and tweets with the text:

We do not share leaks. However, you’re free to try the method suggested in this attached image.

Windows XP Source-Code-Leak

The colleagues from Bleeping Computer have just pointed out another Twitter user who isn’t (probably) the source of the leak, but got his hands on the leak. The person (Ronin Dey) writes that someone claims to have spent the last two months putting together a collection of the Windows XP source code (that has circulated secretly in hacker communities).

Windows XP Source-Code-Leak

The leaker has published the source code in a 43 GB torrent. Ronin Dey confirms that in addition to the torrents, a source code archive of 2.93 GByte is also available on a website (see the tweets below). He says that the source code looks ‘pretty genuine’, but that’s no proof.


Windows XP Source Code Leak-Tweets

Meanwhile parts of the source code as .7z archives probably appear on Mega. According to Bleeping Computer, the torrent allegedly contains the source code for Windows XP as well as the source code for Windows Server 2003 and a selection of older versions of various Microsoft operating systems. The content of the torrent includes:

MS DOS 3.30
MS DOS 6.0
Windows 2000
Windows CE 3
Windows CE 4
Windows CE 5
Windows Embedded 7
Windows Embedded CE
Windows NT 3.5
Windows NT 4

The torrent is also said to contain a media folder with a bizarre collection of conspiracy theory videos about Bill Gates. There is currently no confirmation from Microsoft on a request from Bleeping Computer whether the source code is genuine. I don’t publish links to that archives here.

If the source code of this leak is genuine, this naturally raises the question whether security researchers will find vulnerabilities that are still present in current versions of Windows. It would not be the first time that 30 year old vulnerabilities have been found.

In 2004 there were already reports that parts of the source code of Windows had become public (see this German ZDNet article).

Addendum: The site has more details here.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *