Microsoft is Investigating Windows XP Source Code Leak

The source code for Windows XP with Service Pack 1 (SP1) and Windows Server 2003 has allegedly leaked online, alongside snippets of code for other outdated Microsoft platforms like MS-DOS and Windows CE.

“We are investigating the matter,” a Microsoft statement notes of the incident.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

This isn’t the first time Windows source code has leaked online: Full or partial source code dumps for Windows NT 3.5, Windows 2000, and Windows 10 have leaked at different times in the past, as has the source code for the OS for the original Xbox console and the Xbox Series X graphics system.

Microsoft hasn’t supported Windows XP in over 6 years, and the system is now so out-of-date that it’s unlikely, but not impossible, that hackers could use the code to find vulnerabilities in modern and supported versions of Windows.

And here’s a fun tidbit: The Verge has uncovered an early and unreleased theme for Windows XP, called Candy, that (badly) emulated the Mac OS X “Aqua” look and feel.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 20 comments

  • CompSciGuy31415

    26 September, 2020 - 11:03 am

    <p>Ooooh, Aqua</p>

  • oscar1

    26 September, 2020 - 11:33 am

    <p>They have had a number of source code leaks by now as Paul points out, whats up with that? Cant they control the security around the source code? </p>

    • StevenLayton

      26 September, 2020 - 12:41 pm

      <blockquote><a href="#579603"><em>In reply to oscar1:</em></a><em> three letter NSA, lol</em></blockquote><p><br></p>

    • bkkcanuck

      27 September, 2020 - 12:50 am

      <blockquote><em><a href="#579603">In reply to oscar1:</a></em></blockquote><p>Much easier said than done… source code is rather small overall, can be copied to a flash drive – and carried out. The number of developers that would have access to it is rather large over the history of the project (developers have to have access to really the entire history of a project so that when there is a defect identified they can identify when it was introduced and all that it affects). The security of source code is usually a factor of the morality and integrity of your developers and one bad apple can lead to leaks like this (the fact it does not leak more often — is a miracle). More-so in the age of working from home and COVID.</p>

      • oscar1

        27 September, 2020 - 5:58 am

        <blockquote><em><a href="#579669">In reply to bkkcanuck:</a></em></blockquote><p>Apple has had no source code leak from macOS X/macOS, how do you explain that? They have had a minor iOS leak but not from their desktop system.</p><p>Security has very little to do with &nbsp;"morality and integrity&nbsp;" and very much more with the security measures being taken.</p>

        • bkkcanuck

          27 September, 2020 - 6:54 am

          <blockquote><em><a href="#579696">In reply to oscar1:</a></em></blockquote><p>The underlying OS of macOS (Darwin) is open source… Apple leaked it themselves. </p><p><br></p><p>In fact, any company I have worked for — it would not have been that difficult to walk out with a copy of the source code… if I had wanted to (entire banking systems). Moral or not, the source code would have no value for me… My knowledge in the industry is worth more than the source code… which tends to be compromised by many factors… I have no doubt I would be better off starting out designing a new system from scratch than using existing source code. Even compiled, it would not be that difficult to figure out that the code behind the system was stolen… All factors put together – the source code is really not worth that much other than to the company whose system it is.</p>

        • jim_vernon

          Premium Member
          27 September, 2020 - 3:17 pm

          <blockquote><em><a href="#579696">In reply to oscar1:</a></em></blockquote><p>Why would you ignore the iOS leak? </p>

    • hrlngrv

      Premium Member
      27 September, 2020 - 6:02 pm

      <p><a href="; target="_blank"><em>In reply to oscar1:</em></a></p><p>You'd think that as soon as XP reached EOS, its source code would have been made unavailable to all but the few programmers still maintaining it for ATMs, other dedicated hardware, and the few enterprises willing to pay for further upgrades.</p><p>If the leak came from one of those programmers, it shouldn't take long to investigate.</p><p>However, my money is one carelessness by someone charged with archiving it somewhere safe. Actually, it'd be amusing if it had been recovered from an unemptied recycle bin.</p>

    • markjulmar

      28 September, 2020 - 11:38 am

      <blockquote><em><a href="#579603">In reply to oscar1:</a></em></blockquote><p><br></p><p>As mentioned by others, a lot of developers over the history of the company have access to it and it's easy to copy. In addition, MVPs can get access to it, and I think it's been made available to some educational institutions as well as a learning asset. There's no hacking or company security issue here — it's just a factor of how many people have access to it.</p>

    • topbuzzer

      28 September, 2020 - 12:29 pm

      <blockquote><em><a href="#579603">In reply to oscar1:</a></em></blockquote><p>Yaa but who uses windows xp right now, that's what Microsoft though and loosen the security maybe</p>

  • William Armstrong

    26 September, 2020 - 2:36 pm

    <p>This is the same leak that has been passed around for the last 15+ years. </p>

  • jimchamplin

    Premium Member
    26 September, 2020 - 3:03 pm

    <p>I'm sorry, I have my doubts about this "Candy" theme. It has too many earmarks of amateurish third-party themes from the early XP days. Even the first versions of Watercolor were better off than this. The fact that things like the sidebar icons in the common dialog are unthemed, and the listboxes in the Display Properties window point to this not being authentic. Add to it the icons are in their final, finished post-Beta 2 state (look at that Recycle Bin!) and there's no watermark on the desktop.</p><p><br></p><p>I'm not saying the Verge is <em>lying</em>, but this looks… iffy, especially when we're not shown a Winver box to know what build we're seeing. It's definitely not from 2000. On the other hand, nowhere in the article do they claim that these shots are of the leaked code, just that it's the theme, so I may be way off-base here. :)</p>

  • proftheory

    Premium Member
    26 September, 2020 - 8:44 pm

    <p>I know even the Big Companies get hacked (and not just because they are running Windows) and have data exfiltrated but why is it still accessible?</p><p>I would have expected that stuff to be tape backuped and put offline somewhere.</p><p><br></p>

  • bkkcanuck

    27 September, 2020 - 9:18 pm

    <blockquote><em><a href="#579887">In reply to oscar1:</a></em></blockquote><p>That is no 'small part' it is the heart of the operating system the kernel (and utilities). What you don't have in the public domain is the skin that sits on top — the UI. You have to ask what it is that a company may consider a risk at having the source code for their operating system public. Is someone going to copy the source code and make a new operating system with stolen code? No, You would be sued into the ground faster than a company creating a mac clone with binary code. What could incentivize a leak of source code – well one major item might be looking for security holes for malicious attacks… but there is no incentive here since pretty much all the code that is security related is in the kernel. Source code is important IP to the owning company, as well as their customer base… This leak of Windows XP and 2003 OS code is at most a curiosity – but of little real importance. </p>

  • bkkcanuck

    28 September, 2020 - 2:58 am

    <blockquote><em><a href="#579916">In reply to vegito03:</a></em></blockquote><p>Likely you do…. when you withdraw money or use an ATM.</p>

  • topbuzzer

    28 September, 2020 - 12:28 pm

    <p>Who use Windows xp anyway. It's pretty old now. But do you think windows xp code is that much important as it's pretty old and I don't think by getting windows xp codes anyone anything with the latest version of Windows. </p>

  • dougkinzinger

    28 September, 2020 - 1:51 pm

    <p>I remember when I beta tested Windows Whistler – what became XP – it had different themes too, the one I recall was similar to the Windows 2000 theme with gradients, but had some stylized blue bits near the top right of the application windows, if memory serves. Long time ago.</p>

  • esmcelroy

    Premium Member
    30 September, 2020 - 6:08 pm

    <p>As far as hacking concerns go, I'd be mostly worried about the Windows CE leaks – how many embedded systems haven't been updated in over a decade, especially mission-critical systems?</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 Thurrott LLC