We’ve asked Microsoft for comment, although it already said it was “investigating the matter.” The Verge claimed the code was legitimate, with Ronin Dey and others also supporting those beliefs (via Windows Central).
One version of the code leak also includes code for MS DOS, Windows CE, Windows Embedded and Windows NT, although those aren’t believed to be new leaks. Experts talking to ZDNet believed the new leaks came from academia, which has long had access to Windows source code to help bolster its security.
This won’t necessarily lead to security issues on par with the WannaCry ransomware attack. While WannaCry exploited Windows XP flaws, the campaign succeeded in part due to poor security policies. No amount of source code will change that, especially if it doesn’t include later XP releases. Microsoft also ended regular support for Windows XP in 2014, limiting any help to organizations with special contracts. Windows XP has been vulnerable for years, and this isn’t likely to make the situation worse.
The Windows XP SP1 source code leak looks pretty legit
Thanks to @RoninDey for confirming https://t.co/A2Ap1fKX5x
— Greg Linares (@Laughing_Mantis) September 24, 2020