Anyone still using Windows XP has been given an additional reason to finally upgrade to a supported Windows operating system. The source code for Windows XP SP1 and other Windows versions has been leaked online.
It has been almost 20 years since Microsoft released Windows XP. Microsoft provided support for the popular operating system for 12 years, with extended support coming to an end on April 8, 2014. After that date patches and security updates were no longer released. Microsoft has issued the occasional fix since then to correct serious vulnerabilities – such as the one exploited by WannaCry ransomware – but these have been rare. Only three updates have been released to correct flaws since support ended in 2014.
On September 25, 2020, the source code for Windows XP SP1 was released on 4Chan and the Mega file sharing site, amongst others. The source code is human readable code that explains how Windows XP runs programs, which can be used to learn about the operating system and find vulnerabilities that can be exploited.
Having the source code makes it much easier for vulnerabilities to be identified. If a vulnerability is found and an exploit is developed, it could potentially be used to remotely hack into Windows XP systems.
Windows XP was a popular operating system and many individuals have chosen to continue using the operating system despite the security risks. According to figures from Statcounter and Netmarketshare, in December 2019 the operating system still had a market share of between 1.16% and 1.29%.
Some businesses continue to use Windows XP as they have developed legacy software specifically for that operating system that does not work on later Windows versions. To mitigate risk, they keep those systems isolated from the Internet. That said, there are still many Windows XP devices that are exposed to the Internet that are vulnerable to attack.
The 4Chan post includes a torrent for 43GB of source code, which the poster alleges to have been compiling for the last two months. In addition to Windows XP, the torrent includes source code for Windows Server 2003, Windows CE 3, 4 and 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5/4, Windows 2000, and MS DOS 3.30 and 6.0.
The poster claims that the leaked source code has been privately shared between hackers for several years, but the source code has not, until now, been publicly released. Microsoft is currently investigating the leak.
In addition to increasing the risk for Windows XP users, if any of the source code for Windows XP is included in later operating systems, they too could be vulnerable.