Overview
- Microsoft launched an internal investigation on July 25 to determine whether details from its Active Protections Programme (MAPP) were shared with Chinese state-sponsored hackers before public patching.
- Emergency updates for three on-premises SharePoint versions were deployed between July 20 and 22 after initial July fixes failed to stop exploit chains.
- Exploit attempts first appeared on July 7, the same day as the last of three MAPP notifications (June 24, July 3 and July 7), suggesting a leak window among vetted partners.
- More than 400 government agencies and corporations worldwide, including the US National Nuclear Security Administration, have been compromised in the large-scale espionage campaign.
- Microsoft has begun auditing its partner-alert mechanisms and pledged to strengthen controls and transparency across its 17-year-old Active Protections Programme following similar alleged leaks in 2012 and 2021.