Microsoft is investigating a potential leak within its Microsoft Active Protections Program (MAPP), an early alert system for cybersecurity firms. The probe aims to determine if the leak enabled Chinese hackers to exploit vulnerabilities in Microsoft's SharePoint service before patches were released. The investigation was prompted by concerns that advanced knowledge of these flaws allowed for widespread exploitation.
The MAPP program, established 17 years ago, provides cybersecurity experts with advance notice of security concerns, allowing them to develop fixes before vulnerabilities become public. Members receive patch information 24 hours before public release, with a subset getting notifications five days earlier. Microsoft has attributed the SharePoint breaches to state-sponsored hackers from China.
Microsoft has stated that they are reviewing the incident to identify areas for improvement. The company emphasizes that partner programs are a crucial part of their security response. Past incidents have led to the removal of partners from the MAPP program for breaching non-disclosure agreements, highlighting the ongoing challenges of balancing information sharing and security.
Related Articles
SharePoint Flaws Exploited Globally
Read more about SharePoint Flaws Exploited Globally →
Microsoft Halts China-Based Engineering
Read more about Microsoft Halts China-Based Engineering →
Microsoft Bans DeepSeek App
Read more about Microsoft Bans DeepSeek App →
AI Erodes Bug Bounties
Read more about AI Erodes Bug Bounties →