A security researcher who uses the Twitter handle Vess (real name Dr Vesselin Vladimirov Bontchev) posted a screenshot of the message from one individual who re-posted the PoC, saying: "Lulz. The original ProxyLogon exploit is back on GitHub – uploaded not by the author but by several others, sometimes accompanied with a nice comment."
The code was originally published on GitHub on 10 March by Vietnamese researcher Nguyen Jang, according to a report in The Record, a website owned by the CIA-backed threat intelligence firm Recorded Future.
Lulz. The original ProxyLogon exploit is back on GitHub - uploaded not by the author but by several others, sometimes accompanied with a nice comment: pic.twitter.com/zwA8ZOTF2P
— Vess (@VessOnSecurity) March 12, 2021
But hours later, GitHub took down the code. iTWire asked the company why it did this, but has so far received no reply.
Some other researchers were flabbergasted by the actions of GitHub. David Kennedy, the chief executive and founder of security firm TrustedSec, said in a tweet: "Wow, I am completely speechless here. Microsoft really did remove the PoC code from GitHub.
"This is huge, removing a security researcher's code from GitHub against their own product and which has already been patched. This is not good."
correct timeline:
MSFT: sorry guys all public OWA needs to go off as there is in-the-wild exploitation, details in the emergency patch next month. hunt for china chopper since Jan.
— ? (@nf3xn) March 13, 2021
The comment referred to by Vess was this: "Why does GitHub remove this exploit because it is against the acceptable use policy – but tons of other proof of concept exploits and frameworks are OK?
"Is it because GitHub is owned by Microsoft?
"Censoring exploits is bad for security, even if an individual exploit sometimes can put companies at risk which should have already fixed their systems. And GitHub puts up a bad precedence."