Microsoft boots Chinese firm for leaking Windows exploit

Kicks Hangzhou DPTech out of MAPP after tracing proof-of-concept code leak

Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protections Program (MAPP) for leaking the proof-of-concept exploit.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

Wee also said that starting with this month's security updates -- slated to ship Tuesday -- Microsoft has "strengthened existing controls and took actions to better protect our information."

He did not elaborate on the steps Microsoft has taken to prevent another leak or explain why the company decided DPTech was the source of the leak.

DPTech is based in Hangzhou, a major city in eastern China southwest of Shanghai. According to the company's website, it develops and sells network security products that include UTM (unified threat management) systems, IPS (intrusion prevention systems) appliances, application firewalls and vulnerability scanning software.

Andrew Storms, director of security operations at nCircle Security, was stunned that Microsoft named DPTech.

"It's not like [Microsoft] to call out someone," Storms said. "I'm not surprised they cut the offender out of the program [but] I would have expected it happen silently."

Microsoft launched its investigation in mid-March after Italian security researcher Luigi Auriemma said code in an exploit circulating on a Chinese website was identical to what he had provided HP TippingPoint's bug bounty program to qualify for a reward.

Auriemma had uncovered a vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.

Microsoft patched the RDP vulnerability in its March Patch Tuesday update, and rated the fix "critical," the highest threat ranking in its four-step system.

Later on the same day that Auriemma claimed the leak had given hackers a head start on a worm, Microsoft confirmed that the leak had likely originated with MAPP.

Under MAPP, Microsoft provides select security vendors with technical information and a proof-of-concept exploit before patches go public. MAPP is meant to give the security companies time to craft detection signatures.

MAPP counts 73 companies as members, including several other vendors based in China. Six weeks ago, MAPP's rolls listed 78 firms.

When asked if Microsoft had kicked other partners from the program, a Microsoft spokeswoman declined to comment. Instead, she pointed to another Thursday blog post in which Maarten Van Horenbeeck, the senior program manager whose team runs MAPP, defended the information-sharing practice.

In the post, Van Horenbeeck alluded to culling the MAPP membership.

"We routinely evaluate MAPP partners to ensure they are adhering to program guidelines, taking action to correct any partner deviations from our program charter," said Van Horenbeeck. That action, he continued, could include "removing the partner from our program," as Microsoft did with DPTech.

Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His email address is mhamblen@computerworld.com.
