Microsoft started off this last weekend with an embarassing security snafu. The folks over at The Register reported that 32 TB of non-public data taken from Microsoft's network was uploaded to Beta Archive. This massive haul reportedly included source code for hardware drivers and various Windows builds, leading The Register to raise the concern that the information could be used to identify and exploit security vulnerabilities in Windows.
Microsoft itself confirmed that the files contain part of the Shared Source Kit, a restricted-access package containing (among other items) source code for the Windows components that handle Wi-Fi, USB, and the plug-and-play system. While the company doesn't make this kit available to the general public, Microsoft does provide access to these files to government agencies, OEMs, and hardware partners for the purposes of optimization, development, and debugging. It's possible, then, that the leaked files weren't acquired from Microsoft's systems, but from a partner working with the Shared Source Kit.
Interestingly, Beta Archive disputes a number of the claims made by The Register. The file hosting site says that while the folder containing these files was uploaded to its FTP servers, it's been since removed and there are no plans to restore it. Furthermore, Beta Archive states that the folder in question was actually 1.2 GB in size, not the whopping 32 TB reported by The Register. The data package contained 12 Windows builds, each about 100 MB in size. Beta Archive claims that those files aren't large enough to contain the core source code for a Windows build, and wonders if The Register was looking at a release made earlier this year which included beta builds of Windows that have since been superseded and rendered defunct.
With all this mind, this leak is probably not that big of a deal. It's embarassing for Microsoft to have some of its non-public files exposed, but it appears that the magnitude of the leak is much smaller than initially reported. It's less likely, then, that there will be significant ramifications for the security of Windows systems worldwide.
Reply With Quote
Bookmarks