On Friday afternoon, The Register published an article reporting a leak of 32TB of Windows builds and source code. This is a significant breach and could cause security concerns for Windows 10 users in the coming months.
All large software systems contain bugs – small mistakes made by the humans who programmed them. Some may only cause minor annoyances, such as text being the wrong color. Others can be dangerous, leaving users’ data exposed. It’s no surprise then that attackers who write malware are always on the lookout for such bugs.
Usually the hardest task for a hacker is finding them. That’s because Windows operating system code is compiled into assembly code designed to be read by processors. As a result, it is a slow, tedious process for humans to read through it all.
It may take hours or days to look over even a few hundred lines of code after they are compiled – and the Windows 10 codebase contains tens of millions of them. Given that volume, it is entirely possible Windows 10 contains vulnerabilities that have not yet been found and patched.
That’s a serious security issue because, unlike assembly code, the source code that was leaked is designed to be read by humans. Now that it’s available, more attackers can study its contents and write malicious programs to exploit it.
That’s the bad news. The good news is that Microsoft will surely be working even harder to find any bugs before the bad guys do. So, it’s a good idea (always, but especially now) to install any software updates immediately. They will contain the patches to any vulnerabilities Microsoft identifies.
In addition, this is a good time to review your company’s overall security posture and make sure you don’t have any gaps. If you’d like more information on how to build layered security, visit our website and download our free whitepaper.