Windows XP source code has spilled out onto the internet

onetheycallEric

What just happened? The venerable Windows XP is one of Microsoft's most beloved and long-lived operating systems, and there's still a small concentration of devotees that refuse to abandon it to this day. If a recent leak is to be believed, the source code for the revered operating system has leaked. It's presently unclear how much of a threat this poses to Windows 10 users, as Windows versions likely all share a certain amount of the code base. Still, it would be a veritable treasure trove for hackers and security researchers alike, and there's no small amount of information that could be gleaned from some of Microsoft's prized IP.

Amidst reports suggesting that the source code for Windows XP has leaked, Microsoft has yet to confirm or deny the leak. However, security researchers already seem convinced it's legitimate.

It seems the alleged source code was initially leaked to 4chan, but has since spread to a torrent and a Mega upload. For the uninitiated, Mega is a file hosting and cloud storage service.

While this type of leak seems low risk on the surface, there are a couple of interesting scenarios at play. Assuming the veracity of the leak, users will almost certainly begin reverse engineering the source code to see how it ticks. This could lead to some interesting forks of the ancient operating system that support modern hardware, or it could be used for better compatibility layers and emulation with Linux or macOS.

Or it could lead to bad actors learning some new tricks in Windows-based exploits.

Statistics show that there's still a very small user base for Windows XP, so it wouldn't be a profitable attack surface on its own. However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows -- like Windows 7 and Windows 10. Even though Windows 7 has reached end-of-life, there are still plenty of users on the operating system.

At this point, we await an official response from Microsoft, as they'll almost certainly be looking to snuff this out.

Image credit: Friemann


 
Some say this leak has been circulating for over 6 years. Now made more public.
 
>> " However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows "

Very true. I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.
 
Guess I'm only booting Linux up until we see what the fallout of this leak is.
 
Guess I'm only booting Linux up until we see what the fallout of this leak is.
Not me!

You cannot wreck my XP box even with the source code!

You cannot encrypt my files with ransomware and you cannot meaningfully infect my O.S. to any usable degree

Still running XP-SP2 ONLINE without any Microsoft Security patches and a full Admin account.

Yeah, we bad!

 
How would this be any different of a security issue than having Linux source code? Yeah, easier to exploit at first, but in the long run, vulnerabilities should be known and fixed.
 
It seems I will be the odd exception: I absolutely hated XP (and I liked even Vista...apart from the stupid tiles, but that could have been turned off), so no love lost there I'm afraid.

I certainly do hope that the kernel of W10 would be significantly different...but that's only a hope, I know little about the internal structure of Windows. Will we ever know for sure, I wonder?...
 
>> " However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows "

Very true. I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.

Interesting.

Do you know that for a fact / how did you get to that conclusion??
 
I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.

Interesting. Do you know that for a fact / how did you get to that conclusion??
No factual evidence at all. Just a guess, based simply on how slowly kernel code changes in general, and specifically on how little the OS/2 kernel changed when it became the Win NT kernel (and from that, to Win2K and beyond).
 
"Assuming the veracity of the leak, users will almost certainly begin reverse engineering the source code to see how it ticks. This could lead to some interesting forks of the ancient operating system that support modern hardware, or it could be used for better compatibility layers and emulation with Linux or macOS."

This; even if it's a better compatibility layer for Linux, or better yet a fork with DirectX 12 would be awesome!!!!
 
How would this be any different of a security issue than having Linux source code? Yeah, easier to exploit at first, but in the long run, vulnerabilities should be known and fixed.

Only when they are attacked and people realize the vulnerability. One of the long running issues with OSS is that there aren't enough people to actually audit the code.

So yeah, Linux isn't any more secure whatsoever.
 
No factual evidence at all. Just a guess, based simply on how slowly kernel code changes in general, and specifically on how little the OS/2 kernel changed when it became the Win NT kernel (and from that, to Win2K and beyond).
Vista... 7... 8... too many versions since then. I don’t think your 50% figure is accurate
 
If this was an important matter it would not be confined to this thread. Time to get back to worrying about Covid 19 and climate change.
 
A chunk of the healthcare industry, banking (ATMs) not to mention nuclear submarines still use XP!
Nuclear submarines have the benefit of what is perhaps the world's greatest "air" gap: water. Not impossible, but it would likely take a sailor plugging in something they shouldn't.
 
Nuclear submarines have the benefit of what is perhaps the world's greatest "air" gap: water. Not impossible, but it would likely take a sailor plugging in something they shouldn't.

Exactly, there’s plenty of examples of employees being tricked into plugging a rogue USB device into a networked computer. Wouldn’t be a leap of the imagination where a phishing scam convinced a vulnerable sailor to insert such a device, although doubtfully they have accessible ports. Plus I’m sure they have to return to for maintenance at some point.
 
Exactly, there’s plenty of examples of employees being tricked into plugging a rogue USB device into a networked computer. Wouldn’t be a leap of the imagination where a phishing scam convinced a vulnerable sailor to insert such a device, although doubtfully they have accessible ports. Plus I’m sure they have to return to for maintenance at some point.
Considering that most critical systems either have old-school analog circuits for their processing (effectively 'unhackable'), or use floppies to install software on a system like Windows XP (don't forget America hasn't launched a new sub class since 1989), I bet the risk of something critical being compromised is extremely slim. At least via tricking a sailor.

Now, coercion is a different story.
 
...or use floppies to install software on a system like Windows XP (don't forget America hasn't launched a new sub class since 1989)
The first Seawolf-class was launched in the '90s, and the first Virginia-class in the early 2000s.
 
"...or use floppies to install software on a system like Windows XP "
-----------------------------------------------------------------------------------------

Wait,..... what?
Why would I transfer my XP software from a single 100GB BluRay disk to 69,000 floppy disks?
 
The first Seawolf-class was launched in the '90s, and the first Virginia-class in the early 2000s.
They tend to not make large changes to ships mid-class, not unless it is absolutely necessary for the mission profile, so the year the first one launched is probably about as advanced as their computing will get. The first Seawolf was launched in late 1989. But you're right about the Virginia class, that was first launched in 1999.

You might find more modern computing on the newer Virginias, but I doubt the Seawolf have much more than floppies. And the Ohios almost certainly are just floppies, if they have even that much hooked up into their systems.
 