The big leak: Microsoft's epic security fail

It appears the source of a recent zero-day exploit was Microsoft's program to prevent zero-day exploits. Why is Cringely not surprised?

1 2 Page 2
Page 2 of 2

The effect of the RDP vulnerability, if you're unlucky enough to encounter it: the blue screen of death. In other words, no perceptible difference from Windows' normal operation. And Microsoft has already released a patch. No harm, no foul, right?

Not exactly. Unless this leak is found and patched immediately, the system created to combat zero-day exploits could soon become the leading source for zero-day exploits. The RDP attack can't be the only bad code these guys were playing with, and the next worm-ready malware may not be so benign or so obvious.

Even if this leaks begins and ends with the RDP exploit, this system has been compromised and can no longer be trusted. Without an early-warning system for these kinds of exploits, we all just got a whole lot less secure. As Luigi wrote on his personal site:

[I]f the author of the leak is one of the MAPP partners... it's the epic fail of the whole system, what do you expect if you give the [proof of concept] to your "super trusted" partners?

Epic fail. Another two words that go together -- like "Microsoft" and "insecurity."

Is this leak as serious as it sounds? Did I leave any metaphor unturned? Post your thoughts below or email me:

This article, "The big leak: Microsoft's epic security fail," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform