Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Pietro Melillo : 26 June 2024 07:45
On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to developers.
The leaked material included:
These components are crucial for content protection and digital rights management (DRM) within Microsoft platforms.
CORSO NIS2 : Network and Information system 2
La direttiva NIS2 rappresenta una delle novità più importanti per la sicurezza informatica in Europa, imponendo nuovi obblighi alle aziende e alle infrastrutture critiche per migliorare la resilienza contro le cyber minacce.
Con scadenze stringenti e penalità elevate per chi non si adegua, comprendere i requisiti della NIS2 è essenziale per garantire la compliance e proteggere la tua organizzazione.
Accedi All'Anteprima del Corso condotto dall'Avv. Andrea Capelli sulla nostra Academy e segui l'anteprima gratuita.
Per ulteriori informazioni, scrivici ad [email protected] oppure scrivici su Whatsapp al 379 163 8765
Supporta RHC attraverso:
Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.
The Construction of the PlayReady Library
Researchers from the AG Security Research Lab successfully compiled the Windows PlayReady DLL library using the leaked code. Interestingly, a user from the Microsoft Developer Community provided step-by-step instructions on how to initiate the compilation process, further facilitating the researchers’ work.
Another point of interest concerns the Microsoft Symbol Server, which does not block requests for PDB files corresponding to Microsoft’s WarBird libraries. This detail led to the unintentional leakage of additional sensitive information.
Adam Gowdiak from the AG Security Research Lab reported the incident to Microsoft. In response, Microsoft removed the post from the forum. However, at the time of writing this article, the download link is still active, raising concerns about Microsoft’s security and management of sensitive information.
This incident highlights the importance of accurate management of confidential information and sensitive data within development platforms. Microsoft will need to address the implications of this data leak and implement stricter measures to prevent similar incidents in the future.
The incident may lead to a review of security policies and information management within Microsoft, as well as raising questions about the reliability of developer sharing platforms. Security experts and developers will need to collaborate to ensure that such incidents do not recur, thereby protecting sensitive information and maintaining user trust.
In conclusion, the June 11 incident serves as a wake-up call for all tech companies: data security must be a top priority, and any breach can have significant consequences for a company’s reputation and reliability.
Pietro Melillo