Potentially genuine leaked XP/Server 2003 source code could be misused to develop new attacks, researchers warn.
Yesterday, Thursday, an unknown person published a link to an approximately 3 GByte file archive on the anonymous message board 4chan source code (or parts of the code) of Windows XP and Server 2003.
Other 4chan users later combined the archive with older source code leaks and distributed the whole thing as a torrent file. Apart from the XP/2K3, the resulting collection, which is around 41 GB in size, only contains code that had previously appeared on the Internet – including the Windows NT and 2000 code leaked in 2004 and Xbox code that leaked in May of this year became public.
User feedback on 4chan and initial analyzes by security researchers and Windows experts indicate that the leak is genuine. However, Microsoft has not commented so far.
Dangers from new exploits
The fact that Microsoft Operating system versions that are no longer supported – for example on many ATMs or cash register systems – pose a risk in themselves. Because the lack of security updates for known vulnerabilities makes such systems particularly vulnerable. Some security researchers are now warning that the current code leak, if it is real, could make it even easier for potential attackers to find previously hidden vulnerabilities and develop effective exploits.
Others, however, also note that that Microsoft has been granting source inspection to certain groups of people upon request for many years. This applies, for example, to governments, to university members for research purposes and to other companies as licensees. Thus, the code was not really “secret” beforehand. been. Incidentally, licensees were already under suspicion during the leak in 2004.