Is Microsoft leaking Critical Vulnerabilities to Hackers?

Hacking

You have got to be kidding me. Is Microsoft leaking attack vectors for its own Windows vulnerabilities to hackers these days? It appears so, though it may not be intentional. The Italian security researcher who discovered a critical vulnerability in Microsoft Windows' Remote Desktop Protocol (RDP) said Friday that he believes a bare-bones proof-of-concept (PoC) attack for the exploit, which recently turned up on a Chinese website, originated with the software giant or one of its security partners.

Microsoft earlier this week issued a patch for a critical flaw in RDP that could be used to crash computers running all versions of Windows, going so far as to add the warning to users that the company “strongly encourage[s] you to make a special priority of applying this particular update.”

Just a few days after the Patch Tuesday update, security researchers began reporting that a legitimate working exploit had been made available online which is capable of crashing unpatched computers running Windows 7 or causing a Distributed Denial-of-Service (DDoS) condition on Windows XP machines.

All in a day's work for the tight-knit cybersecurity community, but the researcher who originally notified Microsoft of the RDP vulnerability thinks the exploit smells pretty fishy.

Luigi Auriemma, who discovered the vulnerability in May 2011 and reported it to Microsoft through ZDI/TippingPoint last August, spelled out his concerns in an Internet posting:

"Between 15 and 16 Mar someone released a precompiled console executable called "rdpclient.exe" somewhere on a Chinese website (is http://115.com/file/be27pff7 the first location?). The program is a basic and poorly written proof-of-concept of the vulnerability and uses pre-built packets.

"After checking the packet dumped from the executable (the first Python PoC) I noticed that the pre-built packet was the same one I sent to ZDI for quickly testing the vulnerability. It was very late here in Italy (05:00) so at the moment I thought that these "Chinese hackers" were really very similar to me :)"

Similar enough to actually be him, the researcher decided.

Further study of rdpclient.exe convinced Auriemma that it contained the pre-built packet he himself had constructed and sent along to Microsoft. That led him to speculate that the full executable PoC that turned up on the Chinese website was actually compiled by Microsoft itself, passed along to antivirus developer partners in the Microsoft Active Protections Program (MAPP) to devise a fix, and somewhere along the way got leaked out by Microsoft or one of its partners.

Microsoft isn’t saying if any of this actually happened yet, but did give PCMag the following statement from Yunsun Wee, director of Trustworthy Computing:

"Microsoft is actively investigating the disclosure of shared MAPP vulnerability details and will take the necessary actions to protect customers. Given that a proof-of-concept is publicly available, we recommend customers apply the security update (MS12-020) as soon as possible to be protected."

We’ll say it again—patch that Windows box now!

Source: PCMag.com

About Demoman

After over 20 years in the IT industry, it's time I gave back, as well as tried my hand at sharing some of the things I see and know on a daily basis. I've worked for Dell, HP and Apple Computers, as well as a computerized testing firm where I served as their IT Manager. Each has taught me a lot about technology. Over the years I've also been involved with beta testing products like the Roomba, and software for Dungeons & Dragons Online as well as Star Trek Online; I was involved with the beta test of both. If you're interested in knowing more, drop me a line. I'd be happy to talk shop with ya.