Windows XP source code leaked online, on 4chan, out of all places

The source code for Windows XP, Windows Server 2003, and other Microsoft operating systems have been published online this week.

The OS sources were leaked online as a 42.9 GB torrent file on 4chan, an online message board often frequented by trolls and extremist groups. 

The content of this torrent file includes source code for several of Microsoft’s older operating systems, such as Windows 2000, Embedded (CE 3, CE 4, CE 5, CE, 7), Windows NT (3.5 and 4), XP, and Server 2003.

The files also contained the source code of the first Xbox operating system, MS-DOS (3.30 and 6), and the source code for various Windows 10 components.

While Microsoft hasn’t confirmed the leak yet, several Windows experts who analyzed the files said they appeared to be legitimate, but also played down the importance of the leak.

Many of the files leaked this week have actually leaked years before, and the leak appears to be a collection of previous items.

For example, the source code of some Windows 10 components leaked online in 2017 while the Xbox and Windows NT files leaked earlier this year. Other leaks are even older and trace back to discussions on mailing lists and forums dating back to the early 2010s.

The only new items that appear to have been leaked this week are the source code for Windows XP, Server 2003, and Windows 2000.

The leaker claims that many of the OS source code packages have been hoarded and exchanged in private by data brokers.

IT experts have told ZDNet that the source code of such operating systems was never fully private, but merely proprietary. They also believe the files leaked from academia.

Microsoft has historically provided access to the source code of its operating systems to governments across the world, for the purpose of security audits, and to academic teams, for the purpose of scientific research.

The leak is a novelty for the general public, but not a surprise for academics and software developers.

“All these files have been out there for ages,” wrote a user on the HakerNews aggregator. “Especially the WRK [Windows Research Kernel], which anyone with a .edu [email account] could already download.”

Furthermore, there are also some issues with this week’s leak, which many have called a stunt.

The reason is that the leak was made public on 4chan, a regular meeting place for QAnon, a far-right group sharing dumb conspiracy theories online. The leaked torrent file was infused with an assortment of videos peddling various Bill Gates conspiracy theories, consistent with some of the wacky QAnon agenda.

qanon-videos.png

QAnon stunt or not, the leaked files appear to be legitimate. However, it is still unclear if the files are enough to help users compile the entire XP or Server 2003 operating system and boot it, or if various parts are missing.

This will most likely take days to verify unless Microsoft decides to clarify this in a statement for everyone.

Some news sites are also vociferously peddling the theory that with the XP source code leaked online, XP users are in danger from malware authors.

But let’s be honest, XP users have been “in danger” ever since Microsoft stopped supporting the operating system. With a market share of around 1% of the total Windows userbase, XP isn’t as attractive to malware devs as it was once used to be. No threat actor will invest so much effort into auditing decades-old source code for an exploit with so few returns.