[German]The source code for Windows XP SP1 and other versions of the Microsoft operating system was leaked a few hours ago as a torrent. The source code should be a treasure trove for people looking for vulnerabilities in Windows.
Advertising
On Twitter a good 8 hours ago there were probably first hints of the kind "The Windows XP source code was leaked online today" and tweets with the text:
We do not share leaks. However, you're free to try the method suggested in this attached image.
The colleagues from Bleeping Computer have just pointed out another Twitter user who isn't (probably) the source of the leak, but got his hands on the leak. The person (Ronin Dey) writes that someone claims to have spent the last two months putting together a collection of the Windows XP source code (that has circulated secretly in hacker communities).
The leaker has published the source code in a 43 GB torrent. Ronin Dey confirms that in addition to the torrents, a source code archive of 2.93 GByte is also available on a website (see the tweets below). He says that the source code looks 'pretty genuine', but that's no proof.
Advertising
Meanwhile parts of the source code as .7z archives probably appear on Mega. According to Bleeping Computer, the torrent allegedly contains the source code for Windows XP as well as the source code for Windows Server 2003 and a selection of older versions of various Microsoft operating systems. The content of the torrent includes:
MS DOS 3.30
MS DOS 6.0
Windows 2000
Windows CE 3
Windows CE 4
Windows CE 5
Windows Embedded 7
Windows Embedded CE
Windows NT 3.5
Windows NT 4
The torrent is also said to contain a media folder with a bizarre collection of conspiracy theory videos about Bill Gates. There is currently no confirmation from Microsoft on a request from Bleeping Computer whether the source code is genuine. I don't publish links to that archives here.
If the source code of this leak is genuine, this naturally raises the question whether security researchers will find vulnerabilities that are still present in current versions of Windows. It would not be the first time that 30 year old vulnerabilities have been found.
In 2004 there were already reports that parts of the source code of Windows had become public (see this German ZDNet article).
Addendum: The site gizmodo.com.au has more details here.
