Microsoft has quietly rolled back some of its early-warning cybersecurity measures for Chinese companies following a wave of hacking attempts targeting its SharePoint software. The tech giant has limited participants from countries like China—where firms may be legally required to report vulnerabilities to authorities—from receiving detailed “proof of concept” code in advance of security patches. Instead, these companies will now only receive general written descriptions of known flaws, provided at the same time as the patch is released.
This move comes in the wake of a major SharePoint breach last month that affected hundreds of organizations globally, including critical U.S. agencies. Microsoft suspects that some participants in its Microsoft Active Protections Program (MAPP), which shares vulnerability data with security vendors ahead of public disclosure, may have leaked sensitive details that enabled attackers to exploit the flaws.
David Cuddy, a Microsoft spokesperson, said the company is cognizant of the potential for misuse of its shared information. As such, it’s taking comprehensive steps—both publicly stated and confidential—to prevent exploitation. Participants found in violation of their contracts, including clauses prohibiting offensive cyber activity, are subject to suspension or removal from the program.
The Chinese government has denied any involvement in the SharePoint attacks, but the timing of the hacking surge—immediately following Microsoft’s disclosures on June 24, July 3, and July 7—raised red flags among experts. Some cybersecurity observers now consider a leak within MAPP as the most plausible explanation for how the attackers gained an edge.
For now, Microsoft has not disclosed which firms have lost access or offered updates on the internal investigation. Still, the decision signals a tightening of its approach to vulnerability sharing and underscores the delicate balance between enabling rapid defense and safeguarding sensitive data.
