Windows XP source code has spilled out onto the internet

onetheycallEric

Posts: 214   +37
Staff member
What just happened? The venerable Windows XP is one of Microsoft's most beloved and long-lived operating systems, and there's still a small concentration of devotees that refuse to abandon it to this day. If a recent leak is to be believed, the source code for the revered operating system has leaked. It's presently unclear how much of a threat this poses to Windows 10 users, as Windows versions likely all share a certain amount of the code base. Still, it would be a veritable treasure trove for hackers and security researchers alike, and there's no small amount of information that could be gleaned from some of Microsoft's prized IP.

Amidst reports suggesting that the source code for Windows XP has leaked, Microsoft has yet to confirm or deny the leak. However, security researchers already seem convinced it's legitimate.

It seems the alleged source code was initially leaked to 4chan, but has since spread to a torrent and a Mega upload. For the uninitiated, Mega is a file hosting and cloud storage service.

While this type of leak seems low risk on the surface, there's a couple of interesting scenarios at play. Assuming the veracity of the leak, users will almost certainly begin reverse engineering the source code to see how it ticks. This could lead to some interesting forks of the ancient operating system that support modern hardware, or it could be used for better compatibility layers and emulation with Linux or macOS.

Or it could lead to bad actors learning some new tricks in Windows-based exploits.

While statistics show that there's still a very small user base for Windows XP, it wouldn't be a profitable attack surface. However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows -- like Windows 7 and Windows 10. Even though Windows 7 has reached end-of-life, there's still plenty of users on the operating system.

At this point, we await an official response from Microsoft, as they'll almost certainly be looking to snuff this out.

Image credit: Friemann

Permalink to story.

 

kimo1

Posts: 126   +201
Some say this leak has been circulating for over 6 years. Now made more public.
 

Endymio

Posts: 701   +565
>> " However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows "

Very true. I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.
 

yRaz

Posts: 3,386   +2,921
Guess I'm only booting Linux up until we see what the fallout of this leak is.
 

Bullwinkle M

Posts: 374   +268
Guess I'm only booting Linux up until we see what the fallout of this leak is.
Not me!

You cannot wreck my XP box even with the source code!

You cannot encrypt my files with ransomware and you cannot meaningfully infect my O.S. to any usable degree

Still running XP-SP2 ONLINE without any Microsoft Security patches and a full Admin account.

Yeah, we bad!

 

CrisisDog

Posts: 188   +82
How would this be any different of a security issue than having Linux source code? Yeah, easier to exploit at first, but in the long run, vulnerabilities should be known and fixed.
 
  • Like
Reactions: bobc4012 and PEnnn

Aryassen

Posts: 83   +83
It seems I will be the odd exception: I absolutely hated XP (and I liked even Vista...apart from the stupid tiles, but that could have been turned off), so no love lost there I'm afraid.

I certainly do hope that the kernel of W10 would be significantly different...but that's only a hope, I know little about the internal structure of Windows. Will we ever know for sure, I wonder?...
 

PEnnn

Posts: 461   +402
>> " However, there's almost certainly some Windows XP source code that has lived on under the hood in more modern versions of Windows "

Very true. I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.
Interesting.

Do you know that for a fact / how did you get to that conclusion??
 

Endymio

Posts: 701   +565
I'd estimate that 50%, maybe more, of the kernel code is unchanged since XP.
Interesting. Do you know that for a fact / how did you get to that conclusion??
No factual evidence at all. Just a guess, based simply on how slowly kernel code changes in general, and specifically on how little the OS/2 kernel changed when it became the Win NT kernel (and from that, to Win2K and beyond).
 
  • Like
Reactions: bobc4012

Stark

Posts: 154   +137
"Assuming the veracity of the leak, users will almost certainly begin reverse engineering the source code to see how it ticks. This could lead to some interesting forks of the ancient operating system that support modern hardware, or it could be used for better compatibility layers and emulation with Linux or macOS."

This; even if it's a better compatibility layer for Linux, or better yet a fork with Direct x 12 would be awesome!!!!
 

gamerk2

Posts: 432   +303
How would this be any different of a security issue than having Linux source code? Yeah, easier to exploit at first, but in the long run, vulnerabilities should be known and fixed.
Only when they are attacked and people realize the vulnerability. One of the long running issues with OSS is that there aren't enough people to actually audit the code.

So yeah, Linux isn't any more secure whatsoever.
 
  • Like
Reactions: mbrowne5061

MaxSmarties

Posts: 397   +215
No factual evidence at all. Just a guess, based simply on how slowly kernel code changes in general, and specifically on how little the OS/2 kernel changed when it became the Win NT kernel (and from that, to Win2K and beyond).
Vista... 7... 8... too many versions since then. I don’t think your 50% figure is accurate
 

bazz2004

Posts: 1,645   +273
If this was an important matter it would not be confined to this thread. Time to get back to worrying about Covid 19 and climate change.
 

mbrowne5061

Posts: 1,643   +936
A chunk of the healthcare industry, banking (ATMs) not to mention nuclear submarines still use XP!
Nuclear submarines have the benefit of what is perhaps the world's greatest "air" gap: water. Not impossible, but it would likely take a sailor plugging in something they shouldn't.
 

Farkinell

Posts: 48   +52
Nuclear submarines have the benefit of what is perhaps the world's greatest "air" gap: water. Not impossible, but it would likely take a sailor plugging in something they shouldn't.
Exactly, there’s plenty of examples of employees being tricked into plugging in a rogue USB device into a networked computer. Wouldn’t be a leap of the imagination where phishing scam convinced a vulnerable sailor to insert such device, although doubtfully they have accessible ports. Plus I’m sure they have to return to for maintenance at some point.
 

mbrowne5061

Posts: 1,643   +936
Exactly, there’s plenty of examples of employees being tricked into plugging in a rogue USB device into a networked computer. Wouldn’t be a leap of the imagination where phishing scam convinced a vulnerable sailor to insert such device, although doubtfully they have accessible ports. Plus I’m sure they have to return to for maintenance at some point.
Considering that most critical systems either have old-school analog circuits for their processing(effectively 'unhackable' ), or use floppies to install software on a system like Windows XP (don't forget America hasn't launched a new sub class since 1989), I bet the risk something critical being compromised is extremely slim. At via tricking a sailor.

Now, coercion is a different story.
 
  • Like
Reactions: bobc4012

Endymio

Posts: 701   +565
...or use floppies to install software on a system like Windows XP (don't forget America hasn't launched a new sub class since 1989)
The first Seawolf-class was launched in the '90s, and the first Virginia-class in the early 2000s.
 

Bullwinkle M

Posts: 374   +268
"...or use floppies to install software on a system like Windows XP "
-----------------------------------------------------------------------------------------

Wait,..... what?
Why would I transfer my XP software from a single 100GB BluRay disk to 69,000 floppy disks?
 
Last edited:

mbrowne5061

Posts: 1,643   +936
The first Seawolf-class was launched in the '90s, and the first Virginia-class in the early 2000s.
They tend to not make large changes to ships mid-class, not unless it is absolutely necessary for the mission profile, so the year the first one launched is probably about as advanced as their computing will get. The first Seawolf was launched in late 1989. But you're right about the Virginia class, that was first launched in 1999.

You might find more modern computing on the newer Virginias, but I doubt the Seawolf have much more than floppies. And the Ohios almost certainly are just floppies, if they have even that much hooked up into their systems.