Exploit code published for RDP worm hole; Does Microsoft have a leak?
Summary: The code publication has set off alarm bells in the corridors at Redmond because there are clear signs that Microsoft’s pre-patch vulnerability sharing program has been breached or has suffered a major leak.
Microsoft says it has strict guidelines to ensure the data doesn’t fall into the wrong hands but, in this case, my sources tell me the Chinese hackers had access to MAPP information even before the patch was released.
“I can say with 100% certainty that MAPP information got into the wrong hands,” said a security researcher with access to the MAPP information.
[ SEE: Microsoft: Expect exploits for critical Windows worm hole ]
This was confirmed by Luigi Auriemma, the security researcher credited by Microsoft with finding and reporting the RDP code execution vulnerability. On Twitter, Auriemma said the packet stored in the Chinese proof-of-concept was the “EXACT ONE” he provided to TippingPoint ZDI (Zero Day Initiative), the company that bought the rights to the bug information.
I warned that it was a risky move because of the likelihood that information flowing through MAPP could be siphoned off and sold to malicious attackers.
In response to these events, Auriemma has now publicly released his advisory from 16 May 2011, including the PoC code (direct download). The H's associates at heise Security found that the PoC is indeed able to elicit a blue screen of death on an unpatched Windows 7 system.