A new flaw found in Microsoft's Windows Remote Desktop Protocol (RDP) allows computers to be remotely accessed and enables an attacker to install malicious code. The bug also reportedly contains an exact copy of information Microsoft only gives to trusted security companies. A new flaw has been found in Windows’ Remote Desktop Protocol (RDP) that, if exploited, could cause a denial-of-service condition. And the bug reportedly contains an exact copy of information Microsoft only gives to security companies. Computers that don’t have network-level authentication could be remotely accessed and an attacker could install malicious code, according to reports. The bug contains an exact copy of information Microsoft only sent out to Microsoft Active Protection Program (MAPP) participants. MAPP gives a small, vetted group of security firms early access to vulnerability and patch information. ThreatPost reports that researcher Luigi Auriemma says the exploit code found on a Chinese download site contains “the exact packet that he sent to TippingPoint’s Zero Day Initiative in his original advisory on the vulnerability.” SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe “ZDI engineers typically confirm the bug, work up a protection signature for TippingPoint’s appliances and then send the data on to the affected company, in this case Microsoft,” says Auriemma. Microsoft released a patch for the bug last Tuesday. Also in the news this week: More malware uses stolen digital certificates to bypass defenses: Security companies have recently identified multiple malware threats that use stolen digital certificates. The malware uses certificates stolen from RealTek, JMicron, Conpavi AG and others. Hackers are using the certificates because some antivirus solutions assume digitally signed files are OK and don’t scan them. 40 percent of U.S. gov websites are unsafe: Two studies have found that 40 percent of federal websites do not support DNS Security extensions even though they were ordered to do so two years ago. The Department of Defense and CIA were among the agencies at risk. Government found to produce worst software: Research by Veracode found eight out of 10 apps from industry and government do not live up to the company- or agency-security criteria. The company found 16 percent of government Web applications were secure, compared with 24 percent from the finance industry and 28 percent of commercial software. Many nations investigate Google for bypassing Safari privacy: The U.S. Federal Trade Commission and France’s CNIL are both probing the search giant in regards to its bypass of privacy settings on the Safari Web browser. Last month Google and other advertisers were found to be using code that bypassed the browser’s cookie blocking. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe