Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln
2021-03-12 00:32

On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed the code, to the alarm of security researchers.

The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021.

Jang posted a write-up of his work, in Vietnamese, with a link to the code on GitHub.

While the PoC code remains accessible in code repos hosted elsewhere, such as competitor GitLab, security researchers have been quick to condemn GitHub for its inconsistent standards and Microsoft for supposed self-interested meddling.

In other words, given how many systems are still vulnerable and under active attack out there, can you really fault Microsoft for trying to limit the spread of exploit code that could be used to bring those installations to their knees?

GitHub did not immediately respond to The Register's request for comment, but it defended its actions to Vice by stating that Jang's PoC code pertains to a recently disclosed vulnerability that's being actively exploited.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/12/github_disappears_exploit/

Related vendor

VENDOR       #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Microsoft    723          805   4705     4715   3646       13871
GitHub       12           3     40       30     15         88