Leak of Windows 10 Source Code Raises Security Concerns
Microsoft has confirmed that a significant chunk of its source code for Windows 10 was posted to a repository called BetaArchive. The exact size of the leak has been disputed, but the data reportedly comes from the Shared Source Kit that Microsoft distributes to trusted partners.
First reported by The Register and confirmed by Microsoft on Friday night, the leak contains source code “to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.” With that information, a hacker can hunt for vulnerabilities within some of the most trusted levels of the operating system. The code also reportedly contains the private debugging symbols that are normally stripped from public releases. These symbols give programmers extra information about which functions and data a piece of code is calling.
The Register claimed the data dump was 32 TB large, but BetaArchive tells The Verge that “the source code was just 1.2GB in size.” BetaArchive has removed files from its servers — The Register posted screenshots for the sake of posterity. The Verge claims that a lot of the data has been around for a long time. The fact that BetaArchive administrators say that they were not forced by Microsoft to remove the code could indicate that this leak is not as significant as it seems.