Monday, 26 June 2017

Windows 10 code leak raises serious security concerns

Parts of the source code for Windows 10 have been leaked online, and although the spillage isn’t as serious as first thought, the incident still represents a major security worry – both for users and for Microsoft.

This saga developed over the weekend, and began with a report from The Register which claimed that ‘massive’ chunks of Windows 10’s source code – the nuts and bolts of the operating system’s programming – along with unreleased internal builds of the desktop OS had been dumped online: some 32TB of the stuff.

However, Microsoft later confirmed the leak to The Verge, but asserted that it was a relatively minor affair, and that most of the aforementioned 32TB of data had already been available online for quite some time (months, or even years).

Microsoft issued a statement to say: “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners.”

Microsoft’s claim is that the leaked material actually amounted to 1.2GB of source code, which was posted to the Beta Archive website. These files reportedly relate to the USB, storage and Wi-Fi drivers of Windows 10.

As the firm stated above, Microsoft already shares the source code with third-party partners as part of the Shared Source Initiative – and while this might be ‘minor’ compared to the initial claimed huge avalanche of leaked data and whole internal builds, it’s still a worrying situation for Windows 10 users.

Malware mayhem

That’s because malicious types out there could still potentially make use of this material to craft exploits targeted at Windows 10 users, obviously a less-than-ideal situation for Microsoft which is pushing its newest OS hard as the most secure version of Windows ever.

The code has now been removed from Beta Archive, with the website making the decision to do so voluntarily. But the damage may have already been done in terms of who may have downloaded the material before it was taken down.

This incident could possibly be connected to the arrest of two men in the UK which is part of a probe into somebody gaining access to Microsoft’s internal network, one of whom is allegedly connected to the Beta Archive site, but it’s not clear yet if that is the case. If there are any further announcements from Microsoft on the matter, we’ll update this story.

http://ift.tt/2rSLH3c

No comments:

Post a Comment