Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 have leaked online.
According to reports, the source code for both operating systems is being shared via torrents on file-sharing sites.
And, according to The Verge, it really *is* what it claims to be: Microsoft’s source code for good ol’ Windows XP and Windows Server 2003.
Now the good news is that most organisations aren’t using these operating systems anymore. Microsoft sounded the death knell on Windows XP back in 2014, and stopped releasing security patches.
(To be pedantic, Microsoft stopped releasing Windows XP security patches *until* 2017 when they raced out a fix for the “ETERNALBLUE” exploit that was most infamously used by the WannaCry ransomware. But that was very much an exceptional situation.)
But that’s not to say that Windows XP is entirely dead. For instance, last year the UK Government confirmed that 2,300 NHS computers were still running Windows XP, and no doubt there are other organisations out there working with older computers, running operating systems that are never being patched.
The public release of operating source code potentially opens opportunities for hackers to uncover security holes in the software that they might try to exploit. In some cases these same vulnerabilities *might* still exist in more modern versions of the operating system too.
As ever, my recommendation is to run a modern version of your operating system – whether it is a flavour of Windows or not – and keep it updated with security patches.
There’s an associated danger, however, with the news that Microsoft’s source code has leaked out. Lots of people are probably curious and tempted – using their high speed broadband connections – to download it in all its 42.9 GB glory.
The risk is that high demand could perk the interest of cybercriminals, who might plant poisoned versions of the torrent on file-sharing sites in the hope that users might download it and could accidentally infect themselves with malware.
It would be pretty galling to be hit by cryptomining code or have your files scrambled by ransomware just because you were curious about Microsoft’s source code.
There’s one other word of caution. It is reported that some of the torrents don’t just contain source code, but also material (files and movies) related to nonsensical Bill Gates conspiracy theories:
An odd thing, you might think, for someone to distribute alongside Microsoft’s source code.
Don’t believe everything you read on the internet, and always be cautious about what you choose to download and run on your PC.
h/t Images of torrent contents from @RoninDey on Twitter.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.