Shutterstock (TNS) Microsoft Corp. may revise a program that shares coding flaws in its products with other companies after a suspected leak led to a sprawling cyber attack against thousands of Microsoft Exchange email clients globally.
The technology giant is weighing how and when to share data with at least some of the 81 participants in the Microsoft Active Protections Program, according to six people familiar with it including existing members who sought anonymity citing a Microsoft non-disclosure agreement. The others requested anonymity because they aren’t authorized to discuss the matter publicly.
MAPP grants some customers information about vulnerabilities in Microsoft’s products and services days or weeks ahead of public disclosure. It is widely regarded by participants as a critical data-sharing tool to defend against potential attacks.
What you need to know
Microsoft may make changes to the Microsoft Active Protections Program following the recent attack on its Exchange email servers.
A report claims that MAPP members may have leaked critical information about vulnerabilities.
Microsoft has looked into at least two Chinese companies, according to the report.
Following the most recent attacks on Microsoft Exchange email servers, Microsoft may have to revise how it shares security vulnerabilities. According to Bloomberg, a suspected leak led to the recent attacks on Exchange servers. The suspected leaks center around the Microsoft Active Protections Program (MAPP).
The MAPP has 81 participants that Microsoft shares vulnerabilities with. The program gives these partners early access so they can protect people from attacks. According to sources that spoke with Bloomberg, Microsoft is considering changes to the MAPP. The company fears that MAPP participants may have tipped hackers off about a critical vulnerability