Jump to content
Posted 13 March 2012 - 04:38 PM
Posted 16 March 2012 - 02:07 PM
SophosLabs has seen proof-of-concept code on Chinese websites which tries to exploit the recently announced Microsoft RDP vulnerability, causing computers to crash.
The code we've seen - in the form of Python scripts - attempts to exploit the MS12-020 RDP vulnerability and causes Windows computers to blue screen. It wouldn't be a surprise if whoever is writing this code to further develop the attacks to produce a fast-spreading internet worm.
"If I had some duct tape, I could fix that." - MacGyver
Posted 17 March 2012 - 12:34 AM
Microsoft's process for sharing information about security vulnerabilities in its products came under fire Friday after a roadmap for exploiting a severe, recently discovered flaw appeared on a hacking website in China.
The guideline, known as "proof-of-concept" code, most likely leaked from one of the more than 70 security companies that get advance warnings from the company about major new holes, according to the researcher who found the flaw.
The researcher who discovered the flaw in May last year, Italian Luigi Auriemma, first submitted his findings and the proof-of-concept to a security group led by Hewlett-Packard's TippingPoint. That group tested and vetted the research and passed it on to Microsoft in August so that the company could develop a patch.
Auriemma had been checking to see who would reverse-engineer the patch first, and was startled to find that the first code to circulate was his own.
0 members, 0 guests, 0 anonymous users