Just two days later, however, proof-of-concept exploit code appeared in the wild. Already, there's a bounty, now up to $1,500, to see who can be the first to weaponize that code and add it to the popular penetration testing toolkit Metasploit. Furthermore, on Sunday an anonymous user posted Metasploit plug-in code to Pastebin, though it's not yet clear whether the code works.
Last week, as news of the leaked proof-of-concept exploit code surfaced, accusations began flying over who had given would-be attackers a head start. Suspicion quickly fell on the HP TippingPoint Zero Day Initiative (ZDI), which offers bounties for bugs. As for the timing, Italian security researcher Luigi Auriemma said in a blog post that he discovered the bug in May 2011 and then sold it to ZDI, which verified the flaw and notified Microsoft in August 2011. Auriemma said that he wasn't responsible for the leak.