As we mentioned yesterday, the source code of several Microsoft Windows 10 builds and tools were leaked to Internet. According to the company, the potential damages from the breach may be limited.
Windows 10 the leak:
The Register first published the leak on June 23 and reported that up to 32TB of "official and non-public (Windows 10) installation images" had been uploaded to BetaArchive.com. BetaArchive is called "the beta collector community" and "one of the largest Beta & Abandonware repositories!"
The leaked code may date back to March 2017, according to Reg, and is reportedly part of Shared Source Microsoft kit. Includes source code for Windows 10 core drivers, PnP code, USB and WiFi stacks, storage drivers, and code for ARM OneCore kernel. "
The builds of Windows 10 and Windows Server 2016 have never been released to the public. Internal builds were created by the Windows team only for Microsoft engineers for trial and debugging purposes, which usually do not exist in public releases.
This software includes, for example, pre-releases of Windows 10 “Redstone” and 64-bit ARM builds of Windows. Too many versions of those leaked online have been recalled by Microsoft because of the mechanism Secure Boot.
In the tweet below, you can see images from the leaked files
Windows 10 leak: Beta Archive has removed the private MS files from its FTP. Here's examples of non-public stuff that was dumped online pic.twitter.com/WULYM7me7U
- The Register (@TheRegister) June 23, 2017
BetaArchive has already downloaded according to the owner of the 1,2 TB code of Windows 10 according to the original report.
The "Shared Source Kit" folder existed on FTP until the Register article was released. We removed it from FTP and our lists. ”
Microsoft, for its part, confirmed the leak by saying:
"Our review confirms that these files are part of the source code from the Shared Source Initiative, and are used by OEMs and partners."
Through the Shared Source Initiative, Microsoft authorizes source code for various of its products to certain "specialized" customers, governments and partners for debugging purposes.
Windows 10 leak: The Counter
Let's mention Windows 10 Shared Source Kit means the source code that is shared.
Another leak from The Verge claims that "most of the collection (of leaked files) was available for months or even years."
The publication from the UK Reigster claims that 32 TB was leaked data. but The Verge claims that most of that 32TB has been online for years, and that the new leak is actually much smaller at just 1,2GB.
Reigster claims that this leak is even greater than the famous 2004 source code of Windows 2000, but The Verge disagrees.
Verge seems to be correct because the leakage of this source code seems to be secondary and uninteresting, as it includes files related to USB, storage, and Wi-Fi only Windows 10 drivers.
These files were already shared by Microsoft on computer manufacturers and other partners (OEMs, businesses and governments), while leakage of 2004 was huge.
I do not think anyone would argue that USB drivers are so important. The only thing that seems to be in the leak is the ARM OneCore kernel, but if it belongs to the Windows 10 Shared Source Kit, it's already Shared by the company itself.
Verge tries to link one incident: Yesterday, two men in the United Kingdom were arrested who had gained unauthorized access to the Microsoft network.
These two men apparently gathered internal Windows 10 Insider Preview internal updates that were never given to external testers and then put them on the Internet. Most of these 32 GB of the Windows 10 leak was obviously these builds, rather than their source code.
What really happened, we will probably learn about it in the next few days. Of course we do not expect to know what happened from Microsoft itself, as a possible leakage of the Windows 10 source code would mean the end of the highly-advertised operating system. Unless the company does it Open Source.
I can then reinstall Windows on my computers.