Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.
The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.
"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. " Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."
Wee also said that starting with this month's security updates -- slated to ship Tuesday -- Microsoft has "strengthened existing controls and took actions to better protect our information."
He did not elaborate on the steps Microsoft has taken to prevent another leak or explain why the company decided DPTech was the source of the leak.
DPTech is based in Hangzhou, a major city in eastern China southwest of Shanghai. According to the company's website, it develops and sells network security products that include UTM (unified threat management) systems, IPS (intrusion prevention systems) appliances, application firewalls and vulnerability scanning software.
Andrew Storms, director of security operations at nCircle Security, was stunned that Microsoft named DPTech.
"It's not like [Microsoft] to call out someone," Storms said. "I'm not surprised they cut the offender out of the program [but] I would have expected it happen silently."
Microsoft launched its investigation in mid-March after Italian security researcher Luigi Auriemma said code in an exploit circulating on a Chinese website was identical to what he had provided HP TippingPoint's bug bounty program to qualify for a reward.
Auriemma had uncovered a vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.
Microsoft patched the RDP vulnerability in its March Patch Tuesday update, and rated the fix "critical," the highest threat ranking in its four-step system.
Source
The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.
"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. " Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."
Wee also said that starting with this month's security updates -- slated to ship Tuesday -- Microsoft has "strengthened existing controls and took actions to better protect our information."
He did not elaborate on the steps Microsoft has taken to prevent another leak or explain why the company decided DPTech was the source of the leak.
DPTech is based in Hangzhou, a major city in eastern China southwest of Shanghai. According to the company's website, it develops and sells network security products that include UTM (unified threat management) systems, IPS (intrusion prevention systems) appliances, application firewalls and vulnerability scanning software.
Andrew Storms, director of security operations at nCircle Security, was stunned that Microsoft named DPTech.
"It's not like [Microsoft] to call out someone," Storms said. "I'm not surprised they cut the offender out of the program [but] I would have expected it happen silently."
Microsoft launched its investigation in mid-March after Italian security researcher Luigi Auriemma said code in an exploit circulating on a Chinese website was identical to what he had provided HP TippingPoint's bug bounty program to qualify for a reward.
Auriemma had uncovered a vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.
Microsoft patched the RDP vulnerability in its March Patch Tuesday update, and rated the fix "critical," the highest threat ranking in its four-step system.
Source
0 comments:
Post a Comment