The source code for several operating systems, including Windows XP and Windows Server 2003, was leaked to 4chan as a 42.9 GB torrent file.
The content of this torrent file includes source code for several older Microsoft operating systems such as Windows 2000, Embedded (CE 3, CE 4, CE 5, CE, 7), Windows NT (3.5 and 4), XP, and Server. 2003, reported by ZDNet.
The files also contained source code for the first Xbox operating system, MS-DOS (3.30 and 6), and source code for various components of Windows 10.
Although Microsoft has yet to confirm the leak, several Windows experts who have analyzed the files have said they look realistic while downplaying the leak.
Many of the files leaked this week had actually been circulating the net years before, and the leak appears to be a collection of previous leaks.
For example, the source code for some Windows 10 components was leaked online in 2017, and the Xbox and Windows NT files were leaked earlier this year. Other leaks are even older and have been on the forums since the early 2010s.
The only new items that seem to have leaked this week are the source code for Windows XP, Server 2003, and Windows 2000.
The leaker claims that many OS source packages were copied and exchanged privately by data brokers.
IT professionals told ZDNet that the source code for such operating systems was never completely private, but was simply closed. They also believe the files were leaked from academia.
Microsoft has historically provided access to the source code of its operating systems to governments around the world for the purpose of security audits and to academic groups for research purposes.
The leak is news to the general public, but not a surprise to scientists and software developers.
“All these files have been around for years," wrote a HakerNews aggregator user. "Especially the WRK [Windows Research Kernel], which anyone with a .edu [email account] can already download."
In addition, there are other issues with this week’s leak, which many have called a gimmick.
The reason is that the leak was made public on 4chan, a regular meeting place for QAnon, a far-right group that shares silly conspiracy theories online. The leaked torrent file was filled with an assortment of videos promoting various Bill Gates conspiracy theories, coinciding with some of QAnon’s plans.
Trick or not, the leaked files seem real. However, it is still unclear whether there are enough files for users to compile and boot XP or Server 2003, or whether various parts are missing from the files.
It will likely take a few days to figure this out, unless Microsoft decides to make it clear by issuing a statement.
Some news sites are also vociferously promoting the theory that because XP’s source code is leaked online, users of the operating system are at risk from malware writers.
But let’s be honest, XP users have been "at risk" ever since Microsoft ended support for the operating system. With a market share of around 1% of the total user base, Windows XP is not as attractive to malware developers as it used to be. No attacker would put so much effort into auditing decade-old source code to find vulnerabilities with such little payoff.