Microsoft has confirmed reports that some Windows 10 source code has leaked. The Register claims that 32TB of internal builds as well as large sections of source code were uploaded to betaarchive.com. While the scale of the leak is not yet known, Microsoft says that the files in question are “a portion of the source code […] used by OEMs and partners.”
The files leaked on Beta Archive are part of Microsoft’s Shared Source Kit, and it’s not clear that the leak is quite as big a deal as first thought — or as some reports are making out. Nevertheless, any form of leak is bad news for Microsoft.
The Register reports that the leaked code “includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.” While this may already have been shared with OEMs and partners, there is a security risk associated with having the code made available for anyone to sift through.
It is said that unreleased builds of Windows have also leaked, but it is thought that these have actually been available for some time. The Verge contacted Microsoft for a response to the leaks, and the company said:
Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners.
The source code has now been removed from Beta Archive, but it is likely that this did not happen before it was made available elsewhere. The site refutes some of the Register’s report, saying:
First of all let us clear up a few facts. The “Shared Source Kit” folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.
The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.
At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.
If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.