Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln
On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed the code, to the alarm of security researchers.
The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021.
Jang posted a write-up of his work, in Vietnamese, with a link to the code on GitHub.
While the PoC code remains accessible in code repos hosted elsewhere, such as competitor GitLab, security researchers have been quick to condemn GitHub for its inconsistent standards and Microsoft for supposed self-interested meddling.
In other words, given how many systems are still vulnerable and under active attack out there, can you really fault Microsoft for trying to limit the spread of exploit code that could be used to bring those installations to their knees?
GitHub did not immediately respond to The Register's request for comment, but it defended its actions to Vice by stating that Jang's PoC code pertains to a recently disclosed vulnerability that's being actively exploited.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/12/github_disappears_exploit/