Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Pietro Melillo : 26 June 2024 07:45
On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to developers.
The leaked material included:
These components are crucial for content protection and digital rights management (DRM) within Microsoft platforms.
Vorresti toccare con mano la Cybersecurity e la tecnologia? Iscriviti GRATIS ai WorkShop Hands-On della RHC Conference 2025 (Giovedì 8 maggio 2025)
Se sei un ragazzo delle scuole medie, superiori o frequenti l'università, oppure banalmente un curioso di qualsiasi età, il giorno giovedì 8 maggio 2025 presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terranno i workshop "hands-on", creati per far avvicinare i ragazzi alla sicurezza informatica e alla tecnologia. Questo anno i workshop saranno:
Supporta RHC attraverso:
Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.
The Construction of the PlayReady Library
Researchers from the AG Security Research Lab successfully compiled the Windows PlayReady DLL library using the leaked code. Interestingly, a user from the Microsoft Developer Community provided step-by-step instructions on how to initiate the compilation process, further facilitating the researchers’ work.
Another point of interest concerns the Microsoft Symbol Server, which does not block requests for PDB files corresponding to Microsoft’s WarBird libraries. This detail led to the unintentional leakage of additional sensitive information.
Adam Gowdiak from the AG Security Research Lab reported the incident to Microsoft. In response, Microsoft removed the post from the forum. However, at the time of writing this article, the download link is still active, raising concerns about Microsoft’s security and management of sensitive information.
This incident highlights the importance of accurate management of confidential information and sensitive data within development platforms. Microsoft will need to address the implications of this data leak and implement stricter measures to prevent similar incidents in the future.
The incident may lead to a review of security policies and information management within Microsoft, as well as raising questions about the reliability of developer sharing platforms. Security experts and developers will need to collaborate to ensure that such incidents do not recur, thereby protecting sensitive information and maintaining user trust.
In conclusion, the June 11 incident serves as a wake-up call for all tech companies: data security must be a top priority, and any breach can have significant consequences for a company’s reputation and reliability.
Pietro Melillo