Last March, Microsoft suffered an information leak from its Microsoft Active Protections Program (MAPP), which led to a few threats that exploited a vulnerability in Microsoft’s Remote Desktop Protocol (RDP) functionality. Microsoft blames its Chinese technology partner Hangzhou DPTech Technologies for the leak.
In a post on the TechNet blog, Yunsun Wee, Microsoft’s director of Trustworthy Computing, laid the blame squarely on the Chinese partner. “During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our nondisclosure agreement (NDA). Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program.”
The security breach is particularly worrisome because Chinese hackers got access to information entrusted to Hangzhou DPTech, giving cyber criminals information they can use to exploit the RDP vulnerability. As if this were not bad enough, they got the information before Microsoft customers were furnished the information they required to patch the vulnerability.
As a result, Microsoft released three patches rated critical. All told, the Redmond, WA software giant released seven security bulletins. These included an interesting critical patch for the Office productivity suite. Usually, security threats against Office need users to access a file that contains a malicious program. Since user access and interaction are needed, Office security threats are normally rated lower than critical. They are often labeled “important” updates. However, in March, the Office update was labeled “critical.” Some security analysts speculate that the “critical” rating is because the patch impacts a vulnerability that deals with how the application processes data. These analysts cited recent phishing attacks on Mac systems to illustrate the point that attacks against Microsoft’s productivity software tend to revolve around priming such software for phishing attacks.
The other two critical patches impact most Windows computers currently in operation since they address vulnerabilities present in Windows XP all the way through Windows 7. In fact, it is hard to imagine an organization that won’t be affected by these two critical patches since most computers currently in use fall within the affected versions.
