Microsoft Blames Security Info-Sharing Program for Attack Code Leak

Microsoft provided some sample exploit code to its security partners, and now that code has been seen in the wild.


How to Help Your Business Become an AI Early Adopter

Computerworld: Someone has leaked sample exploit code to hackers, and Microsoft isn't happy about it.

The story begins in March of 2011 when Italian security researcher Luigi Auriemma found a security vulnerability in Windows Remote Desktop Protocol. Auriemma passed the information on to HP TippingPoint's Zero Day Initiative, a bug bounty program. The HP group then created a sample exploit, which they passed on to Microsoft. Microsoft shared the exploit with members of the Microsoft Active Protection Program (MAPP), security vendors who have signed a strict non-disclosure agreement. However, it appears that someone violated that agreement because Auriemma found the exploit code in use on a Chinese website.

According to Microsoft's Yunsun Wee,"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements."

Tags: Microsoft, security vulnerability, Remote Desktop Protocol

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.