"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."
Microsoft launched its investigation in mid-March after Italian security researcher Luigi Auriemma said code in an exploit circulating on a Chinese website was identical to what he had provided HP TippingPoint's bug bounty program to qualify for a reward.
Auriemma had uncovered a vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.