Microsoft Finds Security Leak, Windows Exploit at Chinese Vendor [informationweek.com]

Microsoft today announced that it had rooted out the source of a leak from within its third-party security software firm partnership program that resulted in the weaponization of a bug in Windows--raising questions about whether the Microsoft Active Protections Program (MAPP) could be vulnerable to other such breaches.

Chinese firewall and IPS vendor Hangzhou DPTech Technologies, according to Microsoft, was the culprit behind a rapid-fire turnaround of a working exploit for the Windows Remote Desktop (RDP) flaw in mid-March, just after the bug was patched by Microsoft. Microsoft said that Patch