Yesterday, Microsoft issued a statement on an investigation meant to determine which of its security partners was responsible for a data leak back in March.
In a blog post on Technet, Yunsun Wee, director, Microsoft Trustworthy Computing, notes that Hangzhou DPTech Technologies Co., Ltd. was responsible for the breach.
The company, a member of the Microsoft Active Protections Program (MAPP), let slip details on a vulnerability that affected Microsoft’s products, and which could result in denial of service.
On March 15th, Microsoft announced that it was aware of public proof-of-concept code that was designed to exploit said vulnerability, which was patched only a few days before.
“The details of the proof-of-concept code
appear to match the vulnerability information shared with Microsoft Active Protections Program (MAPP) partners,” Yunsun Wee said at the time.
The Redmond-based software giant has started an investigation on the matter, and determined that the aforementioned Chinese partner was responsible for the code’s leak.
“During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA),” Wee states
As a result, the company decided to remove the partner from its MAPP Program, while also looking into ways to strengthen control and protection of sensitive information.
“We believe that these enhancements will better protect our information, while furthering customer protection by aiding partners developing active protections,” Microsoft announced.
The MAPP program was developed to provide defenders with info on discovered vulnerabilities before the security bulletins are out, so that they could get their protection signatures ready in due time.
“By providing technical details about a vulnerability directly to defenders, we strengthen their ability to create more effective and accurate signatures in a shorter timeframe,” Maarten Van Horenbeeck, senior program manager, Microsoft Security Response Center, explains
This is why details related to the vulnerabilities addressed in MS12-020 were provided with all MAPP partners under a strict Non-Disclosure Agreement, a move that led to said code leak.