This week, Microsoft released a new security update for Windows XP, Windows Vista and Windows 7. The update contained a fix for a flaw that was discovered in Windows' remote desktop protocol that, if used by hackers, could have allowed them to break into a Windows PC to run malicious code.
At the time,
Microsoft urged everyone to update their Windows PCs as soon as possible: http://scforum.info/index.php/topic,7505.0.html , stating, "Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days."
Now it looks like that exploit could be created even sooner than Microsoft thought. According to ZDNet.com, Chinese hackers have already released a proof-of-concept code that could allow others to create the exploit for the remote desktop protocol flaw.
Not only does this mean that Windows PC users should get that update installed right now, it also might mean Microsoft could have a security leak. The article states that the company runs a program called Microsoft Active Protections Program, or MAPP. The program is designed to give companies such as anti-virus makers and corporate security groups a heads-up on any exploits Microsoft has discovered 24 hours before a Windows security update is released.
The fact that a hacker group has already created code that could be used to go after the Windows remote desktop protocol flaw may mean that someone, either at Microsoft or at one of the companies in the MAPP group, leaked out that information. So far, Microsoft has yet to comment on if it has found such a leak.
(NW)