Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors. Code that was submitted to Microsoft last year to demonstrate a serious exploit in Windows has somehow made it into the wild, either through Redmond itself or one of its security partners. The exploit targets a vulnerability in Windows' remote desktop protocol, giving an attacker full control over a system and the ability to easily spread to other machines with remote desktop enabled.
Security researchers raised alarms when a working exploit for the flaw was spotted in China shortly after the release, leading many to believe that malware writers were able to breach the Microsoft Active Protections Program security platform.
"The details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protections Program partners," said Yunsun Wee, Microsoft's director of its Trustworthy Computing effort.
The patches for the new hole were distributed on Tuesday, as part of Microsoft's regular monthly cycle for security fixes. The hole is a very serious one, because full exploitation would allow an attacker to control machines running Windows XP and later Windows versions that have Remote Desktop Protocol enabled, as long as the network doesn't demand authentication.
Microsoft launched MAPP in 2008. The program has 79 security firm partners, including AVG, Cisco, Kaspersky, McAfee, Trend Micro, and Symantec, as well as several Chinese antivirus companies. A full list of MAPP members can be found on this Microsoft Web page.