Chinese firm leaked RDP exploit code

Powered by SC Magazine
 

Microsoft boots security firm from partner program.

Microsoft has blamed a Chinese security firm for leaking Remote Desktop Protocol (RDP) exploit code that was patched in March.

Hangzhou DPTech Technologies Co, a specialist in firewalls and intrusion prevention systems, breached its non-disclosure contract with the Microsoft Active Protections Program (MAPP) by releasing the code.

It was booted from Microsoft's vulnerability-sharing program last week.

Under MAPP, Microsoft shares vulnerability details with approved software security providers prior to its monthly fixes being released to allow security firms to immediately protect their customers once the patches are delivered.

Specifically MAPP provides its partners with a comprehensive explanation of the vulnerability, a blueprint to trigger the flaw, information on how to detect the bug and a proof-of-concept file.

The vulnerability in question, a "wormable" weakness in the Windows RDP, was discovered in May 2011 by researcher Luigi Auriemma, who reported his find to TippingPoint's Zero Day Initiative (ZDI) bug bounty service.

It was handed in August to Microsoft to develop a fix.

In March, Microsoft released a patch that came with a warning that the software giant expected to see a code-execution exploit released within 30 days.

It took about two days for a proof-of concept (PoC) to appear on a Chinese hacker site. No known remote exploit has been released.

Upon investigation, Auriemma discovered many similarities between the published PoC and the one that he sent ZDI so the service could test the vulnerability.

As further proof, the posted code appeared modelled after the PoC that Microsoft developed in November for internal tests, and which, he concluded, was likely distributed to partners as part of the MAPP.

"[The PoC published on the Chinese site] contains some debugging strings like 'MSRC11678' which is a clear reference to the Microsoft Security Response Center," Auriemma said.

Based on the evidence, Auriemma determined that those responsible for creating the publicly available PoC were the beneficiaries of a leak.

Microsoft said it would tighten the security controls around MAPP, though it would not elaborate on its plans.

MAPP team manager Maarten Van Horenbeeck said Microsoft took careful steps to ensure incidents like this rarely occurred.

"We recognise that there is the potential for vulnerability information to be misused," he said.

"In order to limit this as much as possible, we have strong non-disclosure agreements (NDA) with our partners. Microsoft takes breaches of its NDAs very seriously. In addition, we make sure to only release data shortly in advance of the security update.

"Today, we send MAPP data to our partners just as far in advance as they need to get that work done."

A Microsoft spokeswoman could not immediately be reached for comment. An email sent to DPTech for comment was not immediately returned.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Chinese firm leaked RDP exploit code
 
 
 
Top Stories
Government exploit vendor hacked, client data exposed
Update: Australian agencies potentially compromised.
 
Australia's digital crescendo
Barely unpacked from his move from Amsterdam, Southern Cross Austereo's new digital boss Vijay Solanki is looking for Australia's untapped potential.
 
Turnbull nabs UK govt digital guru as DTO chief
Inaugural CEO to lead change agenda.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
New Microsoft Office apps for Android phones
Jun 26, 2015
Microsoft's latest Office apps for Android now work on phones as well as tablets, further ...
Windows 10 UK price revealed, but don't believe everything you hear
Jun 26, 2015
Windows 10 £99 price tag for users in the UK (who presumably don't already have Win 7 Pro ...
Now Xero notifies iOS users of new transactions
Jun 24, 2015
The latest version of Xero's iPhone app includes notifications when new transactions arrive from ...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 846

Vote