Auriemma said that code found in a proof-of-concept exploit on a Chinese website was identical to what he had provided HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program. His code was then used by ZDI to create a working exploit as part of the bounty program's bug verification work.

ZDI then passed along information about the RDP vulnerability, including the exploit that used Auriemma's code, to Microsoft.

According to Auriemma, the public exploit included the string "MSRC11678," a reference to a Microsoft Security Response Center (MSRC) case number, indicating that the leak came from Microsoft.

ZDI denied it had been the source of the leak. "We're 100% confident that the leak didn't come from us, and Microsoft is comfortable with us saying that," Aaron Portnoy, the leader of TippingPoint's security research team and the had of ZDI, said in an interview Friday.

Portnoy also described the chain of custody of Auriemma's code -- a specially-constructed data packet that triggers the RDP vulnerability -- from its May 2011 submission to ZDI to its inclusion in the concept exploit that ZDI provided Microsoft in August 2011 as part of a broader analysis of the vulnerability.