By now you’ve probably seen dozens of Articles touting the alleged leak of the Windows XP Source code!
The Windows XP source code was allegedly leaked online
Looks Like the Windows XP Source Code Just Leaked on 4chan
And so many others, I mean an easy “Windows xp leak” will give you lots of things to read… But I’m focused a little more on what this will mean and how this is likely to plague us for…, Well, it perfectly sums up 2020 after all!
Tech Radar recently published this article, If you can believe it, millions of people are still using Windows XP in which they cite 1.26% of the worlds computers currently run Windows XP still. STILL. Fortunately that’s only like 25 million computers, so it’s a drop in the bucket!
Why this matters and perfectly sums up 2020!
With only 25 Million or so computers likely impacted by this, what is this going to mean for the rest of us? Well, for the purpose of this article… We are going to assume this is true. There’s been talk of Windows XP source being traded around private communities for some time, but let’s pretend for a moment that the greater masses of hackers will suddenly have access to this. We may see an increase in Ransomware/Malware, Viral payloads, and best of all, potential Denial of Service bots to join into everyones favorite new botnet! Some of the hopes surrounding this is that Key Medical systems, Banking systems, Military systems and utility systems are NO LONGER RUNNING ON WINDOWS XP.
This is important because if any of these systems ARE still running on this platform… Well, let’s just call it ‘2020’ …
It matters very much that you keep your systems current, patched, preferably on a Supported Operating system (Remember, Windows 7 and Windows Server 2008/R2 JUST came off of support in January 14 of this year! Microsoft End of Support for Windows 7, 2008(R2), NSA Vulnerabilities and you! )
It’s important to take a moment and try to identify whether you somehow have some kind of Windows XP or Windows XP Embedded system in your infrastructure and in your environment. It was essential 5 years ago to have gotten off the platform, and now that priority goes up 1-million-fold. Most of you are going to be perfectly fine, but some of you… Try to identify, discover and remediate, it’s all that can be asked.
Are you worried about anything else?
Yes actually now that you mention it. There are a few things that worry me about this. It’s the model of code inference, and code re-use. I know, every time we do something, write an application, write a new module or library, or perhaps write an operating system, we always do it completely from scratch without even one scratch piece of code that’s ever been seen before. Right? No? That’s what I thought.
While I certainly am not SAYING that there is any re-usable code, I know a savvy developer-hacker can glean insight into potential problems that could apply to future code bases (ala, Windows 7, Windows 8, and even Windows 10). It’s not always the ‘latest and greatest’ hacks that you have to worry about, and being a closed ecosystem vs an open ecosystem doesn’t promise you any protections, allow this exhibit.
Shell Shock – Linux Bash Vulnerability
Unlike Windows XP, Linux is a completely open platform where anyone can look at the source code. So on 24 September 2014 when this critical vulnerability was disclosed, you might think, well, the source code has always been open, so someone must have introduced this vulnerability into the codebase! But instead you would find this gem…
Analysis of the source code history of Bash shows the bug was introduced on 5 August 1989, and released in Bash version 1.03 on 1 September 1989.
An absolutely devastating and critical vulnerability sat “dormant” in a publicly accessible piece of source code for over 25 years before being discovered, and thus disclosed.
So am I worried? Yea. I’m worried for the Windows XP users, but I’m equally worried for the users of ALL of the other adjacent platforms and newer versions of Windows. So good luck out there, patch patch patch, update update update and be careful!