Security News > 2021 > March > Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln
On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed code, to the alarm of security researchers.
The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021.
Jang posted a write-up of his work, in Vietnamese, with a link to the code on GitHub.
While the PoC code remains accessible in code repos hosted elsewhere, such as competitor GitLab, security researchers have been quick to condemn GitHub for its inconsistent standards and Microsoft for supposed self-interested meddling.
In other words, given how many systems are still vulnerable and under active attack out there, can you really fault Microsoft for trying to limit the spread of exploit code that could be used to bring those installations to their knees?
GitHub did not immediately respond to The Register's request for comment but it defended its actions to Vice by stating that Jang's PoC code pertains to a recently disclosed vulnerability that's being actively exploited.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/12/github_disappears_exploit/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)