Portions of the Windows Shared Source Kit leak out

Microsoft started off this last weekend with an embarassing security snafu. The folks over at The Register reported that 32 TB of non-public data taken from Microsoft's network was uploaded to Beta Archive. This massive haul reportedly included source code for hardware drivers and various Windows builds, leading The Register to raise the concern that the information could be used to identify and exploit security vulnerabilities in Windows.

Microsoft itself confirmed that the files contain part of the Shared Source Kit, a restricted-access package containing (among other items) source code for the Windows components that handle Wi-Fi, USB, and the plug-and-play system. While the company doesn't make this kit available to the general public, Microsoft does provide access to these files to government agencies, OEMs, and hardware partners for the purposes of optimization, development, and debugging. It's possible, then, that the leaked files weren't acquired from Microsoft's systems, but from a partner working with the Shared Source Kit.

Interestingly, Beta Archive disputes a number of the claims made by The Register. The file hosting site says that while the folder containing these files was uploaded to its FTP servers, it's been since removed and there are no plans to restore it. Furthermore, Beta Archive states that the folder in question was actually 1.2 GB in size, not the whopping 32 TB reported by The Register. The data package contained 12 Windows builds, each about 100 MB in size. Beta Archive claims that those files aren't large enough to contain the core source code for a Windows build, and wonders if The Register was looking at a release made earlier this year which included beta builds of Windows that have since been superseded and rendered defunct.

With all this mind, this leak is probably not that big of a deal. It's embarassing for Microsoft to have some of its non-public files exposed, but it appears that the magnitude of the leak is much smaller than initially reported. It's less likely, then, that there will be significant ramifications for the security of Windows systems worldwide.

Comments closed
    • kuraegomon
    • 5 years ago

    I almost overlooked this little gem, blinded by the magnificence of Chuck’s OP. Upvotes for both of you!

    • spugm1r3
    • 5 years ago

    It’s probably 32TB of .flac files of Cortana reading the code in a snarky programmer’s voice. The real measure of an AI is not the code it produces, but the code it shames.

    • lilbuddhaman
    • 5 years ago

    They can’t even turn the telemetry off in dev builds.

    • ozzuneoj
    • 5 years ago

    .WAV

    • Wirko
    • 5 years ago

    True or not true but it’s perfectly credible.

    There are 114,000 employees at Microsoft (currently). Let’s suppose half of them do some work.
    About 1,100 days passed between Windows 7 and Windows 8 RTM dates.

    So it took about 1,000,000,000 hours of work to do nothing else but rip Start menu and Aero from the Windows source. Granted, they took great care and did it right.

    Must have been terabytes of code.

    • Mr Bill
    • 5 years ago

    What windows would be if not for shared dll’s. 😉

    • chubbyhorse
    • 5 years ago

    Here, take my up-vote

    • smilingcrow
    • 5 years ago

    Recorded at 192/24 in 7.1 surround sound.

    • jihadjoe
    • 5 years ago

    32TB of source!? What were they? .flac files of someone reading the code?

    • morphine
    • 5 years ago

    Hahaha. Have three internet cookies.

    • chuckula
    • 5 years ago

    [quote<]Furthermore, Beta Archive states that the folder in question was actually 1.2 GB in size, not the whopping 32 TB reported by The Register.[/quote<] I agree and I believe 1.2 GB much more than 32 TB (although both could be wrong). It could be a snapshot of repositories that include umpteen million revisions and various copies of random stuff that's not source code but takes up lots of bytes. So the most up to date version of the source code (if its even in there) is clearly only a small fraction of this purported leak.

    • Glorious
    • 5 years ago

    LOL @ 32TB. Yah, no.

    The vast, vast majority of enthusiasts don’t have that kind of storage readily available, much less any random journalist, tech or otherwise. It would take half-a-week minimum just to download it at gigabit speed.

    And if compressed? Even at 10%, that’s still 3.2 TB. And decompressing it would take a long time and we’re still back to the first problem when it comes to actually verifying it.

    And for source code? Really? Every Microsoft product’s source, ever, can’t that big.

    On the face of it, the claim simply isn’t believable.

    • tipoo
    • 5 years ago

    Well that’s one way to go open source!

    That’s GNU/Windows, please.

    • cygnus1
    • 5 years ago

    chuckula made me chuckle

    • Mr Bill
    • 5 years ago

    Groan

    • chuckula
    • 5 years ago

    That’s nothing compared to the ongoing espionage campaign that has been leaking the entire Linux kernel source code on a daily basis for literally DECADES.

    • Neutronbeam
    • 5 years ago

    I think we all know that when it comes to credibility, The Register is, ah, terable.

Pin It on Pinterest

Share This

Share this post with your friends!