Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Pietro Melillo : 26 June 2024 07:45
On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to developers.
The leaked material included:
These components are crucial for content protection and digital rights management (DRM) within Microsoft platforms.
Vuoi diventare un esperto del Dark Web e della Cyber Threat Intelligence (CTI)?
Stiamo per avviare il corso intermedio in modalità "Live Class", previsto per febbraio.
A differenza dei corsi in e-learning, disponibili online sulla nostra piattaforma con lezioni pre-registrate, i corsi in Live Class offrono un’esperienza formativa interattiva e coinvolgente.
Condotti dal professor Pietro Melillo, le lezioni si svolgono online in tempo reale, permettendo ai partecipanti di interagire direttamente con il docente e approfondire i contenuti in modo personalizzato.
Questi corsi, ideali per aziende, consentono di sviluppare competenze mirate, affrontare casi pratici e personalizzare il percorso formativo in base alle esigenze specifiche del team, garantendo un apprendimento efficace e immediatamente applicabile.
Non perdere i nostri corsi e scrivi subito su WhatsApp al numero
379 163 8765
per richiedere informazioni
"
Supporta RHC attraverso:
Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.
The Construction of the PlayReady Library
Researchers from the AG Security Research Lab successfully compiled the Windows PlayReady DLL library using the leaked code. Interestingly, a user from the Microsoft Developer Community provided step-by-step instructions on how to initiate the compilation process, further facilitating the researchers’ work.
Another point of interest concerns the Microsoft Symbol Server, which does not block requests for PDB files corresponding to Microsoft’s WarBird libraries. This detail led to the unintentional leakage of additional sensitive information.
Adam Gowdiak from the AG Security Research Lab reported the incident to Microsoft. In response, Microsoft removed the post from the forum. However, at the time of writing this article, the download link is still active, raising concerns about Microsoft’s security and management of sensitive information.
This incident highlights the importance of accurate management of confidential information and sensitive data within development platforms. Microsoft will need to address the implications of this data leak and implement stricter measures to prevent similar incidents in the future.
The incident may lead to a review of security policies and information management within Microsoft, as well as raising questions about the reliability of developer sharing platforms. Security experts and developers will need to collaborate to ensure that such incidents do not recur, thereby protecting sensitive information and maintaining user trust.
In conclusion, the June 11 incident serves as a wake-up call for all tech companies: data security must be a top priority, and any breach can have significant consequences for a company’s reputation and reliability.
Pietro Melillo