Front-page

UPDATE: 32TB of Windows source code and betas have NOT been leaked

bbbbbbbbbbbbbb.png

It seems a huge amount of Windows software has been leaked, from an internal source. 32 terabytes of data, including, but not limited to beta copies of Windows 10, developer software, and potentially the most important of them all-- source code. UK news site, The Register, were the ones to initially break the story, claiming that these confidential testing builds and other data came from a source inside Microsoft, back in March 2017. The files were then uploaded on June 19, to Beta Archive, though they were removed shortly after. With the "shared source code kit" being available to the public, this means that users may be able to better customize Windows to their liking, but it also comes with the fact that this leaves users' security vulnerable and compromised, if one manages to use the source code to create a dangerous virus or exploit. The source below contains more intricate details on the matter.

The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.

Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

This software includes, for example, prerelease Windows 10 "Redstone" builds and unreleased 64-bit ARM flavors of Windows. There are, we think, too many versions now dumped online for Microsoft to revoke via its Secure Boot mechanism, meaning the tech giant can't use its firmware security mechanisms to prevent people booting the prerelease operating systems.
Click to expand...

EDIT: response from a Beta Archive admin

First of all let us clear up a few facts. The “Shared Source Kit” folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.

The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.

At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.

If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.
Click to expand...

:arrow: Source
 
  • Like
Reactions: Laroon, CaptainSwag101, HamBone41801 and 24 others
Click to expand...
the_randomizer

the_randomizer

The Temp's official fox whisperer
Member
Level 27
Joined
Apr 29, 2011
Messages
31,284
Trophies
2
Age
38
Location
Dr. Wahwee's castle
XP
18,969
Country
United States
Last edited by the_randomizer,
  • Like
Reactions: aldo220
Taleweaver

Taleweaver

Storywriter
Member
Level 19
Joined
Dec 23, 2009
Messages
8,689
Trophies
2
Age
43
Location
Belgium
XP
8,087
Country
Belgium
32 terabytes? Damn... Even by today's standards that takes a while to copy. Someone sure was confident not to get caught.

The source code part is interesting... this might lead to a scandal if there are backdoors for the NSA.

TotalInsanity4 said:
Can't wait until whateverthehellthatopensourcewindowsalternativeprojectwas gets a chance to study this
Click to expand...
ReactOS? I was thinking that way as well, but wine development could benefit from it as well
 
  • Like
Reactions: TotalInsanity4 and Deleted User
Psionic Roshambo

Psionic Roshambo

Well-Known Member
Member
Level 13
Joined
Aug 12, 2011
Messages
2,246
Trophies
2
Age
50
XP
3,346
Country
United States
This is not good, I would recommend using a 3rd party AV and Firewall ASAP if your on Windows, turn off any services you are not actively using and in general trying to shrink your threat vectors.
 
HaloEliteLegend

HaloEliteLegend

Zzzz
Member
Level 12
Joined
Oct 17, 2015
Messages
1,726
Trophies
1
Location
Seattle, WA
Website
harshamohite.com
XP
3,135
Country
United States
Psionic Roshambo said:
This is not good, I would recommend using a 3rd party AV and Firewall ASAP if your on Windows, turn off any services you are not actively using and in general trying to shrink your threat vectors.
Click to expand...
Only 1.2 GB was actual "source code" and it turns out most of it was for ancillary Windows drivers. No one's security should be compromised as a result of this, thankfully.
 
  • Like
Reactions: Deleted User and TotalInsanity4
Taleweaver

Taleweaver

Storywriter
Member
Level 19
Joined
Dec 23, 2009
Messages
8,689
Trophies
2
Age
43
Location
Belgium
XP
8,087
Country
Belgium
Pluupy said:
So what could come of this for Windows users?
Click to expand...
To be honest: I don't think that much will happen. Remember that NSA leaks with backdoors that were leaked before? It took months before wannacry hit, and even that only damaged outdated computers.

The thing with source code is that it's not that hard to recognize a fatal flaw when you know it's there, but it's an entirely different thing if you don't even know it exists in the first place. Besides: it's not like the errors that are there allow direct abuse over the entire system. It only appears that way because it's these kind of errors (or rather: malware that abuses it) that get noticed and potentially even make the news.

I won't lie: the source code is a very valuable thing for hackers looking to abuse the system. However...thus far these were the only hackers who had a motive to look for them. With the source code revealed, it is also available to security departments of software companies. Up to this point, their work was mostly reactionary: find breaches, document them as detailed as possible and report it to microsoft in the hopes they have a better understanding of things. Now they can look at code as well, suggesting improvements before someone else abuses it.
(of course MS still has to listen, but in my experience, the ones doing the actual coding are more pragmatic than managers who want to hide all traces of this source code leak and thus ignore valuable feedback).
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,976
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,012
Country
United States
ihaveamac said:
no it won't. the Wine project does not use code from leaked Windows source because that would cause major legal issues. much like the win2k leak they will probably investigate every code contribution made, and who's making it, else something from the leaked source makes it in and the project is sued.

https://www.reddit.com/r/linux/comments/1j5q71/did_the_windows_2000_source_leak_contribute_in/
Click to expand...
They don't have to copy-pasta the code, but they could very-well understand what it does, learn from it, and write their own. There's a very defined line between stealing code, and writing your own from looking at someone else's code. (Assuming you didn't plagarize the code line-for-line, of course)
 
  • Like
Reactions: Deleted User and TotalInsanity4
ihaveahax

ihaveahax

Well-Known Member
Member
Level 18
Joined
Apr 20, 2015
Messages
6,069
Trophies
2
XP
7,829
Country
United States
Jayro said:
They don't have to copy-pasta the code, but they could very-well understand what it does, learn from it, and write their own. There's a very defined line between stealing code, and writing your own from looking at someone else's code. (Assuming you didn't plagarize the code line-for-line, of course)
Click to expand...
just reading the source could be dangerous for the project. if they even accepted code from anyone who had access to it that could still cause legal issues. Wine (and ReactOS) devs said they never looked at the win2k leak, and anyone who has is not allowed to contribute code to the project.

so, this does not benefit these projects in any way whatsoever, it just forces them to be extra vigilant on code changes. Wine devs do not want to do anything with the source code leaks.
 
Last edited by ihaveahax,
  • Like
Reactions: Deleted User and hobbledehoy899

Site & Scene News

Go to forum More news

Popular threads in this forum

Atmosphere CFW for Switch updated to pre-release version 1.7.0, adds support for firmware 18.0.0

Wii U and 3DS online services shutting down today, but Pretendo is here to save the day

GBAtemp Exclusive  Introducing tempBOT AI - your new virtual GBAtemp companion and aide (April Fools)

The first retro emulator hits Apple's App Store, but you should probably avoid it

Pokemon fangame hosting website "Relic Castle" taken down by The Pokemon Company

MisterFPGA has been updated to include an official release for its Nintendo 64 core

Delta emulator now available on the App Store for iOS

"TMNT: The Hyperstone Heist" for the SEGA Genesis / Mega Drive gets a brand new DX romhack with new features

General chit-chat
Help Users
  • No one is chatting at the moment.
    OctoAori20 @ OctoAori20: Nice nice-