GitHub will remove exploits for vulnerabilities under attack

GitHub will remove exploits for vulnerabilities under attack

Last week the GitHub management announced that they are making changes to the anti-malware rules and will remove exploits that are under attack.

Let me remind you that the revision of the rules is a direct consequence of the scandal that erupted in March 2021. That time, Microsoft, which owns GitHub, reported a series of ProxyLogon vulnerabilities that were used by hacker groups to compromise Exchange servers around the world.

When the OS vendor quickly released patches, the Vietnamese cybersecurity researcher reversed these patches and created a PoC exloit for ProxyLogon based on them, which was then uploaded to GitHub. Within hours of uploading the code to GitHub, the Microsoft security team stepped in and removed the expert’s PoC, sparking industry outrage and Microsoft’s criticism.

While Microsoft was simply trying to protect the owners of Exchange servers from attacks, and GitHub eventually allowed the researcher and others to re-upload the exploit code to the site, GitHub decided to remove all ambiguities in the policies of their platform so that such situations do not happen again.

In April, the GitHub developers even held an open discussion with the cybersecurity community, so that users themselves could help determine how exactly GitHub employees should deal with malware and exploits uploaded to the platform.

GitHub representatives have now summed up these discussions and officially announced that repositories created to host malware for malicious campaigns, as well as repositories that act as control servers or used to distribute malicious scripts, are no longer allowed on the platform.

GitHub will remove exploits

At the same time, the placement of PoC exploits and malware is allowed if they have a dual purpose. In the context of malware and exploits, this means that the same tool can be used to exchange new information and research, but at the same time can be used for malicious activity.

But the new GitHub policy on PoC exploits and malware states that the platform reserves the right to block or permanently delete even dual-use content if it can prevent active attacks or malicious campaigns that exploit GitHub, for example, in CDN quality.

The company emphasizes that in case of erroneous deletions on GitHub there is an appeal process, that is, any decision can be appealed.

In the rare cases of very large-scale misuse of dual-use content, we may restrict access to such content to interrupt an ongoing attack or malicious campaign that uses the GitHub platform to [run] an exploit or as a malicious CDN. In some cases, such a restriction may take the form of placing content for authentication, and if this is not possible, as a last resort, it may mean disabling access and completely removing [the content]. If possible, we will also contact the project owners and report restrictions. the company says.

Let me remind you that I also wrote that GitHub replaced the term “master” with a more neutral one.

Leave a Reply

Your email address will not be published. Required fields are marked *