Microsoft claims to love open source – this alleged leak of Windows XP code is probably not what it had in mind, tho
Software giant is 'investigating', infosec gurus reckon it looks legit
The source code for Windows XP and other elderly Microsoft operating systems appears to have leaked online as the mega-corp's Ignite developer shindig came to an end.
Heck, there's no physical swag for attendees nowadays so how about a big ol' source dump?
The source of the alleged code leak is unclear; a torrent for the archive popped up on internet armpit 4chan and contains what appears to be Windows XP Service Pack 1, as well as some other past-their-sell-by-date flavours of Microsoft's greatest hits.
The Microsoft source boat is infamously leaky and unseaworthy. Chunks of Windows code seeped out from under the door in 2017, giving those not in the magic Microsoft circle an insight into how the company's systems work. Another leak, in 2004, saw bits of Windows NT4 and 2000 source from the turn of the century nose their way into the sunlight.
This week's leak looks both relatively complete and the real thing, according to experts. However, that could change as those with the skills dig into what has been exposed.
A Microsoft spokesperson told The Register: "We are investigating and will take appropriate action to help keep customers protected."
Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*READ MORE
Support for Windows XP finally came to an end in 2014, although the Windows POSReady 2009 (beloved by our bork pages and based on Windows XP SP3) lingered on until 2019. Support for Service Pack 1, which is what this leak appears to be, ended in 2006.
Service Pack 2, which debuted in August 2004, was the one where Microsoft took some determined efforts to deal with XP's habit of welcoming attackers with open arms. SP2 added a firewall user interface, and the Security Center.
As miscreants pore over the source in search of new and exciting exploits for old machines, many may shrug and point out that XP, bar the POS version, is long out of support and only a fool would still entrust the venerable OS with any task other than target practice.
That said, back in March we revealed the operating system was still at work within the bowels of the UK's Ministry of Justice, and we doubt Blighty is alone in having the code still knocking around the place. We'll draw a veil over the whole NHS thing.
While parts of Microsoft may have embraced open source with the fervour of the born again, MICROS~1 keeps the code of its operating systems secret (unless one is a government or hardware maker and asks really nicely). As such, it is tricky to know just how much legacy code from Windows XP might be lurking in the damp basement of its newest and shiniest.
The alleged leak aside, the incident is a reminder for those still running the elderly operating system that the time to migrate to pastures new is well overdue. And for others, an excuse for a bit of sport: below is apparently part of the SMB code that was exploited by the NSA's EternalBlue tool that was later stolen and leaked online and used by the WannaCry ransomware. Given the security warnings in the routine's code comments, if we were a government agency with access to the source code, this is probably where we'd start looking for bugs... ®
Warning: 27 years from now, a bug in this function will be used by EternalBlue.— Tamas Boczan (@tamas_boczan) September 24, 2020
The Windows XP source code leak is a welcome surprise. pic.twitter.com/M1MQpuyugm