Hackers have their hands on code that Microsoft created to show off an attack. Apparently, Microsoft shared the proof-of-concept code with members of its Microsoft Active Protection Program. The proof-of-concept code was shared with various antivirus vendors to allow them to protect end users from similar attacks.
Microsoft found out the proof-of-concept code was in hacker hands this past Friday, when an Italian security researcher named Luigi Auriemma discovered the code on a Chinese website. He found it was identical to what he had provided HP during one of its bug bounty programs. The code he provided was used by HP's TippingPoint Zero Day Initiative (ZDI) to create a working exploit as part of the bug program's verification work.
Once the exploit was proven to work, it was passed on to Microsoft along with the code that Auriemma had created. ZDI denies it was the source of the leak, but an investigation is underway. I'm sure the point where the code was leaked will be discovered. How ironic would it be if one of Microsoft's partner antivirus companies were discovered to be the leak source?
"Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners," Yunsun Wee, a director with Microsoft's Trustworthy Computing group, said in a statement.
"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," Wee added.