Microsoft-owned GitHub has removed a proof-of-concept (PoC) exploit for critical ProxyLogon bugs in Microsoft Exchange, causing a backlash from security researchers. The exploit has recently led to infections of as many as 100,000 servers. Microsoft rushed out patches last week for the vulnerabilities in response to a number of Chinese groups exploiting the bugs.
- "This is huge, removing a security researcher's code from GitHub against their own product and which has already been patched. This is not good," Dave Kennedy, founder of TrustedSec, tweeted.
- "It’s unfortunate that there’s no way to share research and tools with professionals without also sharing them with attackers, but many people (like me) believe the benefits outweigh the risks," tweeted Tavis Ormandy, a member of Google's Project Zero.
- Palo Alto Networks estimates that 125,000 Exchange servers have yet to install Microsoft's patches.
- Attackers are installing new DEARCRY ransomware after hacking into Exchange servers through the ProxyLogon bugs, according to security researcher Michael Gillespie.
- Attack rates on Exchange server bugs are doubling every few hours, Check Point Research has found.