Source Code For Windows XP and Windows Server 2003 Is Leaking All Over The Internet

27/09/2020

Microsoft’s source code for Windows XP and Windows Server 2003 has leaked online.

What makes it interesting is that, the leak originated from 4chan, the online imageboard often associated with internet trolls and extremism.

The source code appeared in the form of a 42.9GB file posted to the notorious forum. In addition to XP and Server 2003, the contents of the torrent include older operating systems like Windows 2000, Embedded (CE 3, CE 4, CE 5, CE, 7), Windows NT (3.5 and 4).

There are also some more files from others too. Like Microsoft’s very first operating system, MS-DOS, as well as the latest, which is Windows 10.

After appearing in 4chan, users of the internet have also published the leaked source code on various file sharing sites, including torrent sites, as well as on Mega file sharing service.

Responding to the media, Microsoft merely stated: “We are investigating the matter.”

Microsoft source code leak

When the news broke, Microsoft has yet to address the leak. But people who have dug into the code suggested that the files appear to be authentic.

Despite that, it's worth noting that many of the files had been leaked online in the past.

For example, this XP leak isn’t the first time Microsoft’s operating system source code has appeared online. In the past, at least 1GB of Windows 10-related source code has also leaked, and Microsoft has even faced a series of Xbox-related source code leaks this 2020.

Then in May, the source code for the original Xbox and Windows NT 3.5 has also appeared online, just weeks after Xbox Series X graphics source code was stolen and leaked online.

What makes it even interesting is that, the files are also reportedly polluted with a selection of QAnon propaganda videos relating to the widely-debunked Bill Gates conspiracy theories.

Microsoft source code leak

Windows XP was once the most popular operating system in the world.

According to web analytics data generated by Net Applications, the operating system was the most widely used operating system until August 2012. Windows 7 then overtook it, which in turn was overtaken by Windows 10.

Having passed its 19th birthday, the operating system has reached its end of life in 2014, meaning that Microsoft is no longer supporting the operating system. What this means, Microsoft is not patching any critical security issues or update any compatibility with modern-era hardware.

Regardless, it's predicted that one percent of all computers in the world are still having the aging operating system installed.

It is said that the leak won't present any immediate danger to those XP users.

This is because it's very unlikely that hackers would invest their time and resources to create new exploits targeting the old operating system. With only 1 percent of the world still using Windows XP, hackers may see them less financially attractive.

However, given that Windows has evolved as a continuous series of updates over the last two decades, it is possible that Microsoft placed various mechanisms that are similar in one operating system to the next. If this is true, the leak can create potential exploits for newer Windows versions.

Microsoft source code leak

A few days later, it was reported that a Windows developer managed to successfully compile both Windows XP and Windows Server 2003 from the leaked source code.

The developer who goes with the name 'NTDEV', found that the leaks were missing some critical files, including the Winlogon.exe file.

The file is an important component inside Windows operating systems, responsible for handling the secure attention sequence, loading user profile upon login, and optionally locking the computer out when a screensaver is running. The file is so critical that it has been in the past targeted by many hack attempts, in order to modify its function and memory usage.

The leaks without this file, renders the operating systems incomplete.

"So, upon further inspection, the XP source code might not be as complete as we previously thought, as it doesn't compile a critical file, winlogon.exe However, there is also an Server 2003 sc in that leak, so let's see how far that goes... Stay tuned!" the developer tweeted.

When it comes to the Windows server 2003 source code, NTDEV experienced more success. He was able to compile the operating system, and even installed it into a virtual machine.