Slashdot Mirror


32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk)

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

17 of 201 comments

  1. Neat. by Anonymous Coward · · Score: 5, Interesting

    Maybe it tells us the secret to shutting down a laptop using ACPI in a way that doesn't drain the battery dead 2 hours after it "powers off" using Linux

    1. Re:Neat. by aliquis · · Score: 2

      Or why the machine can't wake up if I let it park the CPU in Windows 10 but it worked fine in Windows 8.1.

      (Phenom X4 9850 on ASUS 790FX board.)

  2. I know it was you Comey. Horrible. Horrible. by Anonymous Coward · · Score: 5, Funny

    Really very, very horrible. Really horrible. Very very not good at all, let me tell you. Leakers on any media, horrible. Don't watch that video.

  3. Oh no, security problems might be found! by Anonymous Coward · · Score: 5, Insightful

    Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide.

    You mean like.. BSD and Linux? Sounds like the way it should be -- the security by obscurity fad faded a long time ago.

    1. Re: Oh no, security problems might be found! by Bert64 · · Score: 3, Insightful

      "Many eyes makes bugs shallow" is not so much the point...
      Rather, it is having a level playing field for everyone; anyone can see the code, good and bad guys alike.

      With closed source *you* probably don't have the code and white hat security researchers probably don't have the code, but you have no idea who else (NSA and similar agencies, criminals etc) does. Chances are with closed source those who do have the code are more likely to have hostile motives.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  4. Telemetry by OtisSnerd · · Score: 5, Interesting

    Maybe now we'll be able to find out what the telemetry actually sends back to MS and the three-letter agencies. It would also be nice for some to develop a way to completely kill it.

    1. Re:Telemetry by OtisSnerd · · Score: 2

      I've seen that list before, but I suspect that it's not complete. After all the forced upgrades, and all but pointing guns at their 'customers' to force them to upgrade, I wouldn't trust them to tell me the color of the sky, let alone believe that the list they posted is complete.

  5. Re:32 TB? by haruchai · · Score: 5, Funny

    How much is it if you skip all the #ifdef BUGS sections?

    That compiles down to 640k, just enough for everybody

    --
    Pain is merely failure leaving the body
  6. Re:Reminds me ... by Bert64 · · Score: 3, Informative

    Then you should have redesigned the network such that the printers were not directly accessible to users, and they had to funnel data through a central print server which *does* log what was printed and by whom. Aside from the reason given (likely a severe violation of the company code of conduct), you get other benefits too like keeping (usually horrendously insecure) printers away from the user network, being able to tell who's printing copies of company data that might have leaked out, and keeping track of how much is being printed.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  7. Betaarchive admin official statement by ark1 · · Score: 5, Informative

    https://www.betaarchive.com/fo...

    Seems The Register story may not be accurate, or if you prefer FAKE NEWS!

  8. Waste by Air-conditioned+cowh · · Score: 3, Funny

    What a horrific waste of valuable hard drive space.

  9. Re:32TB? by Z00L00K · · Score: 2

    Going to need a new OS because now the malware creators have the ability to find yet undiscovered security holes and utilize them.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  10. Relax... by Lussarn · · Score: 2

    Relax! Our most valuable and most secure operating system is out there for free! How am I supposed to explain that?

    I don't know... Say it was all part of the plan!

  11. Re: 32TB? by cyber-vandal · · Score: 4, Funny

    Better not use Linux or FreeBSD. I hear they let anyone look at the source.

  12. Winbeta themselves have refuted almost everything by Artem+S.+Tashkinov · · Score: 4, Informative

    Source

    The Register article has got BetaArchive a fair amount of attention this evening. They claim, and I quote "32TB of Windows 10 internal builds, core source code leak online".

    First of all let us clear up a few facts. The "Shared Source Kit" folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.

    The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed "32TB" as stated in The Register's article, and cannot possibly cover "core source code" as it would be simply too small, not to mention it is against our rules to store such data.

    At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.

    If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.

    With regards to the BBC article http://www.bbc.co.uk/news/tech... about two Britons that have been arrested following an alleged Microsoft hack, we don't believe there is any connection with this alleged "Windows 10 core source code leak".

    Update 09:58 GMT 24/06/2017 A spokesperson for Microsoft contacted The Register and said: "Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners."

  13. Re:Use it to build a fucking non-updating distro by dwywit · · Score: 2

    Start, run, services.msc
    Scroll to Windows Updates
    Right-click, stop
    Right-click, properties
    Select startup type, choose 'disabled', apply
    OK, close

    Happy now? Don't even need to reboot. Wow, didn't even need a command prompt to make that happen (although you could do it that way if you want to).

    You can visit wsusoffline once a month or so - at *your* convenience, to download and install updates. BTW, you should donate a dollar or three to the site if you find it useful (not my site, just a happy user).

    FWIW, mint and ubuntu also nag (albeit politely, and without forced reboots*).

    * you can find the reboot trigger in Windows' 'Scheduled tasks' and change the parameters, including when to reboot.

    --
    They sentenced me to twenty years of boredom
  14. Re:Too bad by infolation · · Score: 2

    The point is not a personal audit of every line of code, but a network of trust - code that is able to be audited by a network of known individuals who build trust in that code. GNU-Linux, and the code of free software, already relies on the notion of 'standing on the shoulders of giants' and the principle of an auditing process over time is no different. Auditors are motivated to work because they know their contributions build over time to a verifiable and trustworthy system.

    It is the complete lack of transparency that impedes trust in Microsoft's code. Inspecting a code dump does not build trust because there is no incentive for 3rd parties to audit the dump. In the long term it cannot contribute to an open, auditable Microsoft code base.