Chinese Firm Booted from MAPP

Monday, May 7, 2012 @ 08:05 AM gHale


Microsoft has kicked a Chinese security company out of its Microsoft Active Protections Program (MAPP) vulnerability information sharing program following a leak of proof-of-concept code for a serious security hole in all versions of Windows.

Hangzhou DPTech Technologies Co., Ltd., is a Chinese firm described as a “high-tech company integrating research and development, manufacturing and sales in the network security industry,” Microsoft said.


After an investigation into the embarrassing proof-of-concept leak, Microsoft said Hangzhou DPTech Technologies breached the strict non-disclosure agreement (NDA) meant to ensure sensitive information doesn’t fall into the wrong hands.

“Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program,” said Yunsun Wee, director, Microsoft Trustworthy Computing.

Wee said that, starting this month, Microsoft will strengthen existing controls and take further actions to better protect MAPP information.

“We believe that these enhancements will better protect our information, while furthering customer protection by aiding partners developing active protections,” she said.

Microsoft did not elaborate on the new controls. Since MAPP launched in August 2008, there have been at least three confirmed leaks, including the publication of proof-of-concept code snippets on Chinese-language web sites. Microsoft previously suspended an unidentified Chinese security vendor from the program, but there remains a risk that technical details of high-risk vulnerabilities could reach cyber-criminals before Windows users get a chance to apply security patches.

MAPP data given to security vendors ahead of Patch Tuesday includes:
• A detailed technical write-up on the vulnerability;
• A step-by-step process partners can follow to parse an affected file format or network protocol, identifying which elements need to have particular values, or exceed specific boundaries, in order to trigger the vulnerability;
• Information on how to detect the vulnerability, or exploitation of it (e.g. event log entries or stack traces);
• A proof-of-concept file that is not itself malicious but contains the specific condition that triggers the vulnerability. Partners can use this file to test the detection signatures they develop from the step-by-step process provided.
