TweakTown
Tech content trusted by users in North America and around the world
5,671 Reviews & Articles | 36,049 News Posts

Microsoft may have leaked code capable of attacking critical Windows bug

Microsoft could be responsible for leaking code capable of exploiting a Windows bug.

| Hacking & Security News | Posted: Mar 16, 2012 11:29 pm

No, I'm not trying to use scare tactics. No, I don't want you to rip out your link to the internet. I just want you to beware: Microsoft may have had a hand in leaking executable code that was used in a proof-of-concept (PoC). The data packet that was used was the same that Luigi Auriemma, an Italian security researcher, discovered and reported way back in May of 2011. Last Tuesday, Microsoft updated all flavors of Windows to patch the critical RDP vulnerability. Both Microsoft, and I, strongly recommend that you update and patch all of your machines running Windows.

 

TweakTown image news/2/3/23040_20_microsoft_may_have_leaked_code_capable_of_attacking_critical_windows_bug.jpg

 

Auriemma has stated:

 

In short it seems written by Microsoft for [its] internal tests and was leaked probably during its distribution to their 'partners' for the creation of antivirus signatures and so on. The other possible scenario is [that] a Microsoft employee was [the] direct or indirect source of the leak. [A] hacker intrusion looks the less probable scenario at the moment.

 

Other researchers have said that the RDP proof-of-concept was unreliable, and only crashed Windows. The existing code, however, would be a good starting point for a successful exploit, they noted. "Microsoft has spread the potential starting point for an unauthenticated kernel-level worm,"Auriemma charged. "Weren't they here to protect the users?" The Microsoft patch MS12-020 is available via Windows Update and Windows Server Update. It is highly recommended to install the patch as soon as possible, because Gun.io, which bills itself as a place to "Hire the best hackers," is offering a reward to the first working exploit of the bug.

NEWS SOURCE
Computerworld.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below