Attack on Microsoft Exchange servers may have been caused by a leak from the MAPP

Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft may make changes to the Microsoft Active Protections Program following the recent attack on its Exchange email servers.
  • A report claims that MAPP members may have leaked critical information about vulnerabilities.
  • Microsoft has looked into at least two Chinese companies, according to the report.

The MAPP has 81 participants that Microsoft shares vulnerabilities with. The program gives these partners early access so they can protect people from attacks. According to sources that spoke with Bloomberg, Microsoft is considering changes to the MAPP. The company fears that MAPP participants may have tipped hackers off about a critical vulnerability around February 18.

Microsoft first released patches for the problem on March 2, so anyone who knew about the vulnerability on or around February 18 would have had an opportunity to take advantage of it.

Microsoft's report is said to focus on at least two Chinese companies. Microsoft declined to comment to Bloomberg on any potential changes to the MAPP and wouldn't share any details about its MAPP disclosures in February or any potential leaks. Microsoft did, however, state that it is still committed to the program and its members in the U.S., Israel, Russia, China, Japan, Australia, India, and parts of Europe.

"We believe there are many benefits to mutual information sharing with the security community to help protect our mutual customers against attacks," Microsoft said in a statement. "We continue to evaluate how to best balance the benefits of this sharing with the risk of early disclosures."

China's Ministry of Foreign Affairs told Bloomberg, "China resolutely opposes any form of online attacks or infiltration. This is our clear and consistent stance. Relevant Chinese laws on data collection and handling clearly safeguards data security and strongly oppose cyber-attacks and other criminal activity."

Two Chinese companies have been removed from the MAPP in the past. Hangzhou DPtech Technologies Co. was removed in 2012 for breaching a non-disclosure agreement, according to Microsoft.

Qihoo 360 Technology Co. was removed last year. According to Bloomberg's sources, the company was removed after being placed on the U.S. Entity List related to export controls.

Potential changes to the MAPP include moving around which members are in the highest tier of the program, changing how much critical intelligence Microsoft shares with companies close to certain countries, and using a watermark to track digital code.

Sean Endicott
News Writer and apps editor
