Microsoft is dealing with a significant Windows 10 security headache this weekend, as the company has confirmed that a portion of the operating system’s source code was in fact posted online. Shared on the online repository site BetaArchive earlier this week, Microsoft has said that the code is genuine and comes from the Shared Source Kit, which is shared with the company’s trusted partners.
Originally reported by The Register a few days earlier, the leak was first believed to include roughly 32TB of files, and contain unreleased Windows builds. However, both BetaArchive and Microsoft have confirmed to The Verge that the data was much smaller, “just 1.2GB in size,” and has already been removed from the repository’s servers.
The source code that as posted contained information on Windows 10’s USB, storage, and WiFi drivers, along with ARM-specific OneCore kernel code. The leak also contained private debugging symbols, which give programmers information on what functions and data are being used by certain code, and are removed from versions of the OS used by the public.
While it’s fortunate that the leak wasn’t as large as originally thought, it’s still a significant security issue for Microsoft. BetaArchive removed the code from its site voluntarily, without pressure from Microsoft; but it’s unknown how many people downloaded it before then, meaning it still could be being passed around, and there’s concern the data could be used to create Windows 10 exploits.