Microsoft's patch process has once again taken a beating, as exploit code for a vulnerability in RDP (Remote Desktop Protocol) was leaked, as confirmed by a source on Twitter. According to a bulletin (CVE-2012-0002) released by Microsoft, a remote code execution vulnerability existed in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Chinese hackers have released proof-of-concept code that outlines how to exploit a dangerous RDP vulnerability that was patched by Microsoft earlier this week. The publication of the code on a Chinese-language forum underscores the urgency of applying Microsoft's MS12-020 update, which addresses a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft's implementation of the RDP protocol.
This breach has set off alarm bells, as there are clear signs that Microsoft's pre-patch vulnerability sharing program has been breached or has suffered a major leak. The program, called MAPP (Microsoft Active Protections Program), provides vulnerability data and triggers to anti-virus, intrusion prevention/detection and corporate network security vendors about 24 hours before the patch is released. The program provides detection guidance ahead of time to help security vendors reproduce the vulnerabilities and ship signatures and detection capabilities without false positives.
Mr Luigi Auriemma, the security researcher credited by Microsoft with finding and reporting the RDP code execution vulnerability, tweeted that the Chinese proof-of-concept release was the "EXACT ONE" he provided to TippingPoint ZDI (Zero Day Initiative), the company that bought the rights to the bug information. Mr Auriemma suggests there was a clear leak somewhere along the line, publicly pointing fingers at Microsoft and ZDI.