The proof-of-concept exploit now circulating among hackers does not allow remote code execution -- necessary to compromise a PC or server, and then plant malware on the system -- but instead crashes a vulnerable machine, said Portnoy. The result: The classic Windows "Blue Screen of Death."

Portnoy also echoed what Microsoft's Wee said of the similarity between the public exploit and Auriemma's code. "We can confirm that the executable [exploit] does have a packet that was part of what Luigi gave us," said Portnoy.

Microsoft launched MAPP in 2008. The program has 79 security firm partners, including AVG, Cisco, Kaspersky, McAfee, Trend Micro and Symantec, as well as several Chinese antivirus companies. A full list of MAPP members can be found on this .

On Friday, Wee did not say whether Microsoft had a list of suspects, but noted that all information it passes to MAPP partners was under a "a strict Non-Disclosure Agreement (NDA)." If the leak did originate with a MAPP partner, it would be the first ever for the program.

Microsoft's update patches the RDP bug, and can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.