“During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our nondisclosure agreement (NDA)”, wrote Yunsun Wee, director of Microsoft Trustworthy Computing. Microsoft declined to be more specific about the disclosure.
Reports indicate that Hangzhou DPTech Technologies was identified as the source of the leak of a critical vulnerability in Windows’ Remote Desktop Protocol (RDP).
Microsoft issued a patch for the RDP vulnerability in March and urged users to make fixing the flaw a “special priority” because of the “attractiveness of this vulnerability to attackers.”
Researcher Luigi Auriemma, who found the RDP flaw and reported it to Microsoft through the Zero Day Initiative (ZDI), said that he suspected the leak had come from the MAPP program, according to Dennis Fisher, editor of Kaspersky Lab’s Threatpost.
The proof-of-concept exploit code that appeared on a Chinese site included a packet that Auriemma wrote himself and sent to ZDI, Fisher noted.
"The packet I gave to ZDI was unique because I modified it by hand. There are no doubts on this thing. Microsoft is the source of the leak, probably during the distribution to MAPP partners, but I still have some doubts", Auriemma said in an email interview at the time of the leak.