Security Advisor

Microsoft Kicks Out Partner for Leak

Microsoft doesn't like it when you divulge information that you shouldn't be divulging. Especially if it puts millions of users in harm's way of hackers' nasty tricks.

Remember when Microsoft proof-of-concept code on a nasty RDP exploit made it online ahead of the fix? If not, here's the original story from March.

Microsoft wasn't going to take this breach of trust laying down and vowed to find the culprit responsible. Apparently, it has.

In a Microsoft Security Response Center blog, the company announced that the leak came from China-based Hangzhou DPTech Technologies Co., and that the guilty company's services would no longer be needed in the Microsoft Active Protections Program (MAPP).

Also, Microsoft will be changing the secret handshake that allows entry into the clubhouse.

"Additionally, starting with our May release, we strengthened existing controls and took actions to better protect our information," said Yunsun Wee, director of Microsoft Trustworthy Computing. "We believe that these enhancements will better protect our information, while furthering customer protection by aiding partners developing active protections."

I guess that means little information was provided to Hangzhou DPTech Technologies on May's seven security bulletin items (that's how you do a seamless transition!).

And since someone brought it up, this month's security update, released yesterday, combats quite a few remote code execution flaws -- five of the seven bulletins battle this type of exploit.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.