-
March 18th, 2012, 20:59 PM
#1
Head Honcho
Administrator
Microsoft blames security info-sharing program for attack code leak
Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors.
"Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners," Yunsun Wee, a director with Microsoft's Trustworthy Computing group, said in a statement posted on the company's site.
"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," Wee added.
Under MAPP, Microsoft provides select antivirus companies with technical information about bugs before Microsoft patches the flaws. MAPP is meant to give third-party security vendors advance warning so that they can craft detection signatures.
Among the things Microsoft shares with MAPP members, according to a program FAQ, are "proof-of-concept or repro tools that further illuminate the issue and help with additional protection enhancement."
Full story: Computerworld
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks