Microsoft confirmed last week that a portion of Windows 10 source code had leaked online, according to a report from The Verge. This is part of a massive leak of some 32 TB of data that includes private internal builds and other unreleased versions of Windows. This source code revelation could lead to countless zero-day Windows 10 exploits.
The leaked source code, amounting to some 1.2 GB in size, includes source code for Windows 10 hardware drivers, such as PnP code, USB and Wi-Fi stacks, storage drivers, and ARM-specific OneCore kernel code.
The availability of source code makes it easy for anyone to scour it for security vulnerabilities. Malicious attackers can take advantage of zero-day vulnerabilities to craft powerful exploits, an unleash malware in the wild.
However, this source code is already shared with partners, enterprises, governments, and other customers who choose to license it through the Shared Source initiative. Technically, it’s not like the leaked source code is a total secret that is kept only within Microsoft.
That notwithstanding, the public release of the partial source code could spell trouble in the future for Windows 10 users.
The leaked data includes numerous private builds of Windows 10 and Windows Server 2016. These builds were created for debugging and troubleshooting purposes, and includes private debugging symbols that are usually stripped out for public releases.
All 32 TB of the leaked data was originally posted on Beta Archive, but the site’s administrators have since removed at least some of the private data, such as the source code. Nevertheless, the damage is already done, and one can assume that malicious attackers already have their hands on the source code.