+ - Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak->
Submitted
by
Trailrunner7
Trailrunner7 writes "Two months after exploit code the Microsoft RDP MS12-020 vulnerability made its way into the open before the company released a patch, Microsoft has put the blame for the leak on a Chinese security company, Hangzhou DPTech Technologies. Microsoft said Thursday that it has removed the company from its MAPP information-sharing program.
Microsoft officials said that after word of the leak got out in March they began an investigation to find the source. The security researcher who originally found the RDP bug and reported to Microsoft through the Zero Day Initiative, Luigi Auriemma, said at the time that he suspected that the leak had come from somewhere in the MAPP program, either through one of the partner companies or inside Microsoft itself. The proof-of-concept exploit code that appeared on a Chinese site included a packet that Auriemma wrote himself and forwarded to ZDI.
"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA). Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program," Yunsun Wee of Microsoft's Trustworthy Computing group said."
Link to Original Source
Microsoft officials said that after word of the leak got out in March they began an investigation to find the source. The security researcher who originally found the RDP bug and reported to Microsoft through the Zero Day Initiative, Luigi Auriemma, said at the time that he suspected that the leak had come from somewhere in the MAPP program, either through one of the partner companies or inside Microsoft itself. The proof-of-concept exploit code that appeared on a Chinese site included a packet that Auriemma wrote himself and forwarded to ZDI.
"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA). Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program," Yunsun Wee of Microsoft's Trustworthy Computing group said."
Link to Original Source
Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak More Login
Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak