[ISN] Suspicions aroused as exploit for critical Windows bug is leaked

From: InfoSec News <alerts_at_private>
Date: Mon, 19 Mar 2012 01:32:58 -0500 (CDT)
http://arstechnica.com/business/news/2012/03/suspicions-arroused-as-exploit-for-critical-windows-bug-is-leaked.ars

By Dan Goodin
Ars Technica
March 16, 2012

Attack code privately submitted to Microsoft to demonstrate the severity 
of a critical Windows vulnerability is circulating on the 'Net, 
prompting the researcher who discovered it to say it was leaked by the 
software maker or one of its trusted partners.

The precompiled executable surfaced on Chinese-language web links such 
as this one on Thursday, two days after Microsoft released a patch for 
the hole, which affects all supported versions of the Windows operating 
system. The company warned users to install the fix as soon as possible 
because the vulnerability allows attackers to hit high-value targets 
with self-replicating exploits that remotely install malicious software. 
Microsoft security personnel have predicted exploit code will be 
independently developed in the next month.

Luigi Auriemma, the Italian security researcher who discovered the 
vulnerability and submitted proof-of-concept code to Microsoft and one 
of its partners in November, wrote in an email that he's "100% sure" the 
rdpclient.exe binary was taken from the exploit he wrote. In a later 
blog post, he said evidence his code was copied included an internal 
tracking number the Microsoft Security Response Center assigned to the 
vulnerability. He also cited other striking similarities in the packet 
that triggers the vulnerability.

"So yes, the pre-built packet stored in 'rdpclient.exe' IS mine," he 
wrote. "No doubts."

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill
Received on Sun Mar 18 2012 - 23:32:58 PDT

This archive was generated by hypermail 2.2.0 : Sun Mar 18 2012 - 23:36:58 PDT