A massive trove in 32 terabytes of internal Microsoft source code, builds and tools have leaked onto the internet, downloadable by all and sundry,
The Register reports the files, Microsoft’s Shared Source Kit, appears to have leaked from internal Microsoft servers in March this year and includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.
It also includes new builds for Windows 10 and Windows Server 2016, unreleased 64-bit ARM versions of Windows and multiple versions of Microsoft’s Windows 10 Mobile Adaptation Kit.
The source kit, found, but since removed on Beta Archive, is meant to be available to only “qualified customers, enterprises, governments, and partners for debugging and reference purposes,” and access to the source code may make it easier for motivated hackers to find exploits in Windows.
On the other hand, given that the code was already meant to be available to “qualified customers, enterprises, governments, and partners” its release may not be such a big deal after all, as Microsoft may already have an expectation that this data could one day leak.
We should see the impact if any of this leak with increased malware targeting Windows in the coming months. Hopefully, this won’t rise above the noise level normal for the biggest desktop operating system in the world.
Update: In a statement to The Verge Microsoft said:
Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners.
In a statement BetaArchive has downplayed the magnitude of the leak, saying:
The “Shared Source Kit” folder did exist on the FTP until this article came to light …
The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.