Particle.news

Microsoft Limits MAPP Exploit Code for Chinese Firms After SharePoint Zero‑Day Surge

Partners in countries that must report discovered bugs to their governments will now receive only high‑level vulnerability descriptions rather than proof‑of‑concept code.

Overview

  • Microsoft confirmed it has stopped sending proof‑of‑concept exploit code to some MAPP participants, explicitly including companies in China, and will provide general written summaries instead.
  • The change follows rapid, large‑scale exploitation of two SharePoint zero‑days (CVE‑2025‑53770 and CVE‑2025‑53771) that compromised more than 400 on‑premises servers worldwide.
  • Microsoft has publicly tied the activity to China‑linked groups Linen Typhoon and Violet Typhoon, with Storm‑2603 also observed using the flaws, while Beijing has issued a denial.
  • Security researchers flagged the timing of MAPP alerts on June 24, July 3, and July 7 against first observed attacks on July 7, prompting suspicions of a leak from within the program.
  • Microsoft says its internal review is ongoing and declined to identify restricted firms, while emphasizing it can suspend or remove participants found to violate program rules.