Source Code for Windows XP, 2003, and More Leaked

What happened?

If you trust the Internet, the story goes like this: a leaker who goes by the handle billgates3 amassed a trove of Microsoft source code over the months leading up to this weekend and felt that releasing it was in the public interest since, after all, this code has been circulating in the underground hacker world for years. The code was shared on 4chan, an image-based BBS, and the link was archived after being live for just four hours.

Various media outlets have received the same response from Microsoft to their inquiries: "We are investigating the matter." (Tom'sHardware.com)

Some Background

Since 2003, Microsoft has entered into numerous agreements to share source code, in an effort "to build trust through transparency", with various government agencies through its Government Security Program. This includes national-level government agencies and international organizations. But why does this matter? In short, because the source code has been accessible to non-Microsoft personnel for quite some time, and thus it is possible, and even probable, that this code has been available to hackers for years.

Microsoft Source Code Leaked via Torrent

What's the Big Deal?

At the moment, there isn't one. The problem is likely down the road. Exposing source code is akin to handing a cheat sheet to hackers and reverse engineers. For example, knowing variables and their types, as well as which functions operate on them, can help exploit developers craft effective payloads in less time. In short: less guesswork.

What's at Risk?

The potential issues that could arise from this will most probably target the operating systems released in the torrent:

  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4
  • MS-DOS 3.30
  • MS-DOS 6.0

It's worth noting, though, that software developers frequently reuse code, so newer operating systems may be vulnerable to some of the same attacks that stem from this leak.

This also highlights another important consideration, though there isn't much to be done about it: if this code has been available to the hacker community, is newer source code also in circulation? Don't lose too much sleep, though. Chances are that if such code is floating around, those in possession of it aren't weaponizing it against you first, and if you have a good patching cadence for your environment, you'll be patched before it becomes a problem.

So What Should I Do?

Well, this may not come as a surprise, but here we go anyway: get your environment off any of the aforementioned operating systems ASAP! These operating systems are all end-of-life and should not be running production workloads anywhere in your environment. End-of-life means that new exploits affecting these systems will not be patched by Microsoft.

Additionally, revisit your patching process to ensure that your patch management cadence is complete (includes all systems) and timely. If anything comes from this that affects currently supported operating systems, prompt patching will be critical.
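As an added example (not from the original post), here is a small triage script that applies the two recommendations above to an inventory export: it flags hosts whose OS belongs to one of the families listed in the torrent, and hosts whose last patch date exceeds a cadence threshold. The inventory rows, the column names and the 45-day threshold are all constructed assumptions for illustration.

```python
"""Triage an asset inventory for leaked EOL operating systems and stale patching."""
import csv
import io
from datetime import date, timedelta

# OS families named in the leaked torrent list (as given in the post).
# Matched case-insensitively as substrings of the inventory's OS name field.
LEAKED_EOL_FAMILIES = (
    "windows 2000", "windows ce 3", "windows ce 4", "windows ce 5",
    "windows embedded 7", "windows embedded ce", "windows nt 3.5",
    "windows nt 4", "ms-dos 3.30", "ms-dos 6.0",
)

# Assumed patch-cadence policy: anything not patched in 45 days is stale.
MAX_PATCH_AGE_DAYS = 45

# Constructed sample inventory export (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """hostname,os_name,last_patched
hmi-01,Windows Embedded CE 6.0,2019-02-11
fs-legacy,Windows 2000 Server SP4,2015-06-30
dc-01,Windows Server 2019,2020-09-20
ws-017,Windows 10 Enterprise,2020-07-01
kiosk-3,Windows NT 4.0 Workstation,2008-01-01
"""


def is_leaked_eol(os_name):
    """True if the OS name falls into one of the families from the leak list."""
    name = os_name.strip().lower()
    return any(family in name for family in LEAKED_EOL_FAMILIES)


def triage(inventory_csv, today, max_age_days=MAX_PATCH_AGE_DAYS):
    """Return {hostname: [findings]} for hosts that need attention.

    Findings are 'eol-os-in-leak' (migrate off the OS) and/or
    'stale-patching' (last patch older than the cadence threshold).
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if is_leaked_eol(row["os_name"]):
            issues.append("eol-os-in-leak")
        last_patched = date.fromisoformat(row["last_patched"])
        if today - last_patched > timedelta(days=max_age_days):
            issues.append("stale-patching")
        if issues:
            findings[row["hostname"]] = issues
    return findings


if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY, date(2020, 9, 26)).items():
        print(f"{host}: {', '.join(issues)}")
```

Hosts flagged with both findings are the migration priority; a host flagged only for stale patching is the patch-cadence gap the second recommendation is about.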
