Microsoft shuts down Chinese companies' early access to…


Microsoft has curtailed Chinese companies' access to advance notifications about cybersecurity vulnerabilities after investigating whether leaked information led to massive hacks targeting its SharePoint software, according to Bloomberg. The company restricted access last month for participants in countries "where they're required to report vulnerabilities to their governments," which includes China.

The decision affects the Microsoft Active Protections Program (MAPP), which provides security firms worldwide with early details about software flaws so they can protect customers faster. More than 400 government agencies and corporations were breached in recent SharePoint attacks that Microsoft blamed on state-sponsored Chinese hackers, including the US National Nuclear Security Administration, Reuters reported.

Chinese law creates security concerns for tech giants

The restrictions stem partly from a 2021 Chinese law requiring companies and researchers to report cybersecurity vulnerabilities to China's Ministry of Industry and Information Technology within 48 hours. This mandate raises concerns that sensitive information could be shared with government-backed hackers.

Under the new policy, affected Chinese MAPP participants will no longer receive "proof of concept" code demonstrating vulnerabilities. Instead, they'll get general written descriptions sent simultaneously with public patch releases, eliminating their previous 24-hour advance notice, Bloomberg reported.

Pattern of alleged leaks spans over a decade

This isn't Microsoft's first concern about Chinese MAPP partners. In 2012, the company accused Hangzhou DPtech Technologies of breaching agreements and exposing Windows vulnerabilities. In 2021, Microsoft suspected two Chinese partners leaked Exchange server information, enabling a global hacking campaign attributed to the Chinese espionage group Hafnium, according to previous Bloomberg reporting.

Dakota Cary, a cybersecurity consultant at SentinelOne, called Microsoft's decision "fantastic," noting that "Chinese companies in MAPP have to respond to incentives from the government."

Microsoft also confirmed to Reuters it shuttered "transparency centers" in China where the government previously reviewed source code for potential backdoors. These facilities have been "long retired," with no visits since 2019, ending a program that began in 2003 when Microsoft became the first commercial software company providing Chinese authorities source code access.
