Barney's Blog

Blog archive

Possible Microsoft Partner Leak of RDP Exploit Code

Microsoft released a fix for Windows last week that took care of a Remote Desktop Protocol issue.

Two days later a proof-of-concept (POC) code hits online that could allow hackers to exploit this flaw for those who didn't yet apply the patch.  While hackers coming together quickly to release an attack vector doesn't seem out of the ordinary, what was hidden in the POC was: data from an executable code created by Microsoft and sent to its partners for antivirus update purposes.

Sounds like someone forwarded a Microsoft e-mail that they shouldn't have. That's what the original security researcher that discovered the flaw thinks. And so does Microsoft, who is following the clues to the source.

""Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," said the company in a blog post.

The problem is that with the multiple partners and security software vendors who have had their hands on Microsoft's executable code, I honestly think that finding the source of the leak will be harder than completely curing Windows of all future remote code execution flaws.

I do have a feeling that security software company Symantec is crossing its fingers that the info didn't come from someone on its side. That company has already had its fill of bad PR concerning leaked code this year.  And it's only March. 
--By Chris Paoli

Posted by Chris Paoli on 03/21/2012 at 1:19 PM


Featured

  • Industrial Control System Honeypot Illustrates Bad Security Practices

    Security solutions provider Trend Micro has published results (PDF) from running an industrial control system (ICS) "honeypot."

  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.