Possible Microsoft Partner Leak of RDP Exploit Code
Microsoft released a fix for Windows last week that took care of a Remote Desktop Protocol issue.
Two days later a proof-of-concept (POC) code hits online that could allow hackers to exploit this flaw for those who didn't yet apply the patch. While hackers coming together quickly to release an attack vector doesn't seem out of the ordinary, what was hidden in the POC was: data from an executable code created by Microsoft and sent to its partners for antivirus update purposes.
Sounds like someone forwarded a Microsoft e-mail that they shouldn't have. That's what the original security researcher that discovered the flaw thinks. And so does Microsoft, who is following the clues to the source.
""Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," said the company in a blog post.
The problem is that with the multiple partners and security software vendors who have had their hands on Microsoft's executable code, I honestly think that finding the source of the leak will be harder than completely curing Windows of all future remote code execution flaws.
I do have a feeling that security software company Symantec is crossing its fingers that the info didn't come from someone on its side. That company has already had its fill of bad PR concerning leaked code this year. And it's only March.
--By Chris Paoli
Posted by Chris Paoli on 03/21/2012 at 1:19 PM