DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 18, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 256 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Exploit for Microsoft Windows RDP vulnerability leaks

Posted on Tuesday, March 20 2012 @ 16:11:03 CET by


Last Tuesday Microsoft issued a critical security update for a Remote Desktop Protocol (RDP) flaw in Windows that allows hackers to execute code on systems under the "system" privilege level. The software giant estimated it would take about 30 days until hackers would discover how to exploit the bug, but Bit Tech writes today that someone has leaked working proof-of-concept code, meaning attackers now have everything they need to exploit the vulnerability.
The code doesn't appear to have been developed independently, either. Security researcher Luigi Auriemma, who spotted the flaw and provided a proof-of-concept to Microsoft via TippingPoint's Zero Day Initiative (ZDI) cash-for-bugs security programme, claims that the public proof-of-concept code contains the exact same packet he crafted in his submission to Microsoft. The implication: somebody at Microsoft or TippingPoint leaked the information to the bad guys.

Microsoft, naturally, denies doing any such thing. Instead, the company claims that the leak may have come from one of its Microsoft Active Protections Programme (MAPP) partners, of which ZDI is a member. 'The details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protections Programme partners,' the company's director of trustworthy computing Yunsun Wee admits. 'Consistent with the charter of the MAPP program, we released details related to the vulnerabilities addressed in MS12-020 to MAPP partners under a strict Non-Disclosure Agreement in advance of releasing the security bulletin.'

'Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and programme requirements,' Wee adds.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba