Particle.news
Download on the App Store
4 ARTICLES
·
6h ago

Microsoft Halts PoC Sharing With Some Chinese Firms, Narrows Access to Vulnerability Alerts

The move responds to July's SharePoint exploits following concerns over misuse of early-warning disclosures.

Computer code is seen on a screen above a Chinese flag in this July 12, 2017 illustration photo. REUTERS/Thomas White/Illustration/File Photo
The SharePoint logo on a phone, with the Microsoft logo in the background.
Software developer builds algorithms to spread CCP government socialist doctrine
Image

Overview

  • Microsoft said several Chinese companies will no longer receive proof-of-concept code through its Microsoft Active Protections Program.
  • The company reduced some partners’ access to early vulnerability feeds as it conducts confidential reviews and an internal investigation.
  • A Microsoft spokesperson told Bloomberg the tighter sharing applies in countries that require reporting vulnerabilities to their governments, including China.
  • Microsoft notified MAPP partners of SharePoint flaws on June 24, July 3, and July 7, and first observed exploitation attempts on July 7.
  • Attacks hit up to 400 organizations and have been used to deploy ransomware, patches have been issued, Beijing denies involvement, and Microsoft has not identified the restricted firms or disclosed investigative findings.