9 stories
today

BetaArchive accidentally leaks Windows 10 source code for parts of Windows 10’s driver stack

In an accidental leak by BetaArchive, source code for Windows 10’s driver stack, that is normally only provided to third parties, such as OEMs and partners, was made publicly available.

Some news organisations quickly jumped to conclusions over the leak, suggesting that 32TB of data was leaked, and that this would cause a large increase in security exploits on Windows 10. However, as many put it – this was FUD. In fact, only parts of the driver stack were leaked (of which, it is likely Microsoft has processes in place to protect areas that could be affected by this, as they’d anticipate a leak when they provide it to third parties), and that, this is different to when, in 2004, parts of Windows’ actual source code was leaked, which didn’t lead to an increase in security exploits, making it unlikely that this particular leak would.

Within the files, there were a number of released and unreleased Windows 10 builds from Redstone 2 – which has already been released publicly to customers, thus already superseded by new builds.

In response to the leak, BetaArchive released the following statement:

First of all let us clear up a few facts. The “Shared Source Kit” folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.

The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.

At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.

If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.

Additionally, a spokesperson for Microsoft said:

Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners.

It would appear that this is not a leak of a serious nature, and not one that will cause any significant security concerns.

Further reading: , ,

What do you think to this leak?