18 stories
today

Windows Remote Desktop flaw exploit code leaked, who is to blame?

Chinese hackers have released a concept code that provides a roadmap to exploit a dangerous Remote Desktop flaw that was just recently patched by Microsoft. On top of that, the code was reportedly leaked from Microsoft’s pre-patch vulnerability sharing program.

Just recently, Microsoft released a critical update that addressed a Remote Desktop flaw that affected all versions of Windows. On top of that, the company anticipated an exploit to be developed by hackers within the next 30 days due to the attractiveness of the threat. So hopefully you patched your systems because now it is being reported that the exploit code has leaked. All fingers are pointing towards Microsoft’s pre-patch vulnerability sharing program as this is one heck of a major leak.

For those that don’t know, the sharing program, called Microsoft Active Protections Program (MAPP), was launched in 2008 and consists of providing vulnerability data and triggers to anti-virus and intrusion prevention/detection companies so that they can work ahead of time to reproduce the vulnerabilities and deliver signatures without false positives.

Now the blame is being placed on Microsoft as it is being reported that the Chinese hackers had access to the MAPP information before the patch was even created. “I can say with 100% certainty that MAPP information got into the wrong hands,” a security researcher with access to the MAPP information stated.

If Microsoft confirms this leak, it would be a big blow towards the company’s efforts in securing its Windows operating system.

Further reading: , ,