Windows 10 leak lets attackers study OS for vulnerabilities

Last week, Windows 10 source code covering storage, Wi-Fi and hardware drivers, USB stacks and ARM-specific OneCore kernel code was posted to the site BetaArchive. Initial media reports put the leak at 32TB of data and said it included unreleased Windows builds.

Later reports clarified that only about 1.2GB of the leaked data was source code, and that it came from Microsoft's Shared Source Kit, which is distributed to Microsoft customers, partners and enterprises for debugging and reference purposes under the Shared Source Initiative. In other words, the code was already available to those parties, so no previously unseen Windows internals were revealed. Cybereason's Intelligence Group found that the leaked files are mostly I/O drivers, along with files for Windows Boot Manager and EFI. Apart from the Windows Plug and Play Manager, no core kernel functionality was included.

What does the leak mean for individuals and organizations?

According to Cybereason Intelligence Group, the leak lets anyone search the exposed code for Windows 10 vulnerabilities and build attack techniques that exploit them; auditing driver source for flaws is considerably easier than reverse engineering the compiled binaries, which is what attackers had to do before. Although BetaArchive voluntarily removed the source code, it has since been mirrored on sites such as Mega.nz, and it is unknown how many people downloaded it from BetaArchive before it was taken down. Access to BetaArchive's servers requires contributing at least 10 posts containing beta software or the source code of abandonware, so not just anyone could download the code. Still, the possibility that some people obtained it for malicious purposes can't be dismissed, and anyone who has it can spread it further.

Meanwhile, the information security community will try to develop defenses as quickly as possible and stay ahead of attackers. That task is always daunting given the sophisticated adversaries organizations already face and the asymmetric advantage those adversaries hold: a defender has to find and fix every exploitable bug, while an attacker needs only one.

We recommend that organizations and individuals patch their operating systems regularly. Any vulnerabilities found in the leaked code will be fixed through the normal Windows update channel, so staying current minimizes the window in which a newly discovered flaw can be exploited.

Fred O'Connor
About the Author

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.