Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      ‘System offline’ scourge to end, says Schreiber – but industry must pay

      23 June 2025

      Why the spectrum gold rush may soon be over

      23 June 2025

      Tech stability key to getting South Africa off damaging financial grey list

      23 June 2025

      Naspers shifts to an AI-first strategy – and it’s paying off

      23 June 2025

      Letter: South Africa risks missing AI wave while world surges ahead

      23 June 2025
    • World

      Watch | Starship rocket explodes in setback to Musk’s Mars mission

      19 June 2025

      Trump Mobile dials into politics, profit and patriarchy

      17 June 2025

      Samsung plots health data hub to link users and doctors in real time

      17 June 2025

      Beijing’s chip champions blacklisted by Taiwan

      16 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025
    • In-depth

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025
    • TCS

      TechCentral Nexus S0E3: Behind Takealot’s revenue surge

      23 June 2025

      TCS | South Africa’s Sociable wants to make social media social again

      23 June 2025

      TCS+ | AfriGIS’s Helen Hulett on how tech can help resolve South Africa’s water crisis

      18 June 2025

      TechCentral Nexus S0E2: South Africa’s digital battlefield

      16 June 2025

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025
    • Opinion

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » Microsoft may revamp bug disclosures after suspected leak

    Microsoft may revamp bug disclosures after suspected leak

    By Agency Staff28 April 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Microsoft may revise a programme that shares coding flaws in its products with other companies after a suspected leak led to a sprawling cyberattack against thousands of Microsoft Exchange e-mail clients globally.

    The technology giant is weighing how and when to share data with at least some of the 81 participants in the Microsoft Active Protections Programme (MAPP), according to six people familiar with it including existing members who sought anonymity citing a Microsoft non-disclosure agreement. The others requested anonymity because they aren’t authorised to discuss the matter publicly.

    MAPP grants some customers information about vulnerabilities in Microsoft’s products and services days or weeks ahead of public disclosure. It is widely regarded by participants as a critical data-sharing tool to defend against potential attacks.

    Microsoft fears MAPP participants may have tipped off hackers after the company shared a critical vulnerability with its top tier of members

    However, Microsoft fears MAPP participants may have tipped off hackers after the company shared a critical vulnerability with its top tier of members around 18 February, according to four people familiar with Microsoft’s investigation into the cause of the attack. Microsoft publicly released software updates to patch the problem on 2 March.

    The company’s inquiry has focused on at least two Chinese companies as possible sources of the leak, according to the people familiar with the probe. Four MAPP participants said they’d recently disclosed detailed logs of network activity to Microsoft since the Exchange attack. In some cases, companies volunteered the data unprompted, while in others Microsoft requested additional data. The companies asked to remain anonymous, citing their non-disclosure agreement with Microsoft.

    Chinese hackers

    Microsoft’s vulnerability disclosure in late February was followed by one of the most efficient, wide-ranging cyberattacks in history. Microsoft has blamed state-sponsored Chinese hackers, dubbed Hafnium, for the attack which compromised more than 60 000 government, corporate and private e-mail systems around the world, much of which occurred over the last weekend in February.

    Microsoft declined to comment on potential changes to MAPP, nor would the company discuss its MAPP disclosures in February or possible leaks by participants. The company said it remained committed to the programme and its wide-ranging list of members from the US, Israel, Russia, China, Japan, Australia, India and parts of Europe.

    “We believe there are many benefits to mutual information sharing with the security community to help protect our mutual customers against attacks,” the company said in a statement. “We continue to evaluate how to best balance the benefits of this sharing with the risk of early disclosures.”

    In response to queries, China’s ministry of foreign affairs stated: “China resolutely opposes any form of online attacks or infiltration. This is our clear and consistent stance. Relevant Chinese laws on data collection and handling clearly safeguards data security and strongly oppose cyberattacks and other criminal activity.”

    China has proposed a global security standard that it says is “for the benefit of international digital governance” and urged others to work with it to safeguard global data security. “We hope the media adopts a professional and responsible attitude, relying on comprehensive evidence when determining the nature of cyberspace events, but not groundless speculation,” according to the ministry’s statement.

    Until MAPP was created, both criminal hackers and computer researchers would wait for Microsoft to disclose patches on the second Tuesday of every month, known as “Patch Tuesday”. The two camps would then race to reverse engineer the patches in hopes of identifying the root vulnerability, which attackers could then exploit and defenders would attempt to protect against, according to Microsoft.

    Hangzhou DPtech Technologies was kicked out in 2012 for breaching the non-disclosure agreement

    Patch Tuesday still exists. MAPP was started in 2008 to give some of Microsoft’s biggest customers a head-start against the criminals.

    At least 13 Chinese companies have participated. Two of them have been removed. Hangzhou DPtech Technologies was kicked out in 2012 for breaching its non-disclosure agreement, according to Microsoft. A cybersecurity researcher found that Hangzhou had leaked evidence of a critical vulnerability in a Microsoft product to Chinese hackers.

    Three tiers

    Last year, Qihoo 360 Technology was removed after being the target of US-imposed export controls due to national security concerns, according to three people familiar with the matter. A year earlier, Microsoft named Qihoo 360, Tencent Holdings and Palo Alto Networks as the top contributors to MAPP.

    MAPP is organised into three tiers: entry level, advance notification and validation. Members of the validation group — mostly virus-detection firms — are invited to receive vulnerabilities sometimes weeks ahead of public disclosure. Some of the details shared with MAPP participants are subject to a non-disclosure agreement.

    Microsoft may elect to reshuffle members of the top tier, according to three people familiar with options being considered by the company. The Microsoft Security Response Centre, which runs MAPP, may also simply reassess how much critical intelligence they share with companies considered close to certain nations, including China, according to the people.

    Microsoft president Brad Smith

    Microsoft could also embed a unique test in pieces of its code, known as a watermark, that serve as sort of digital bread crumbs in the event of a leak. It’s unclear if watermarks were used in the data distributed to MAPP participants in February, but Microsoft has previously used them and could reintroduce them in the future, according to one of the people.

    Microsoft requires MAPP participants to share data and vulnerabilities the same way it discloses the bugs in its products. Multiple MAPP participants said that Microsoft’s requests for information have surged in recent years but especially in the months since the Exchange and SolarWinds cyberattacks. In the latter instance, which was publicly disclosed in December, Russian hackers infiltrated at least nine US agencies and 100-private-sector companies after installing malicious code in software updates for Texas-based SolarWinds.

    But there are risks for Microsoft. Many of the companies on the MAPP list are presumed to have at least informal ties with the state security apparatus in their country of domicile, meaning Microsoft’s vulnerability disclosures may be shared with governments with some frequency, said one former MAPP member who asked not to be identified because of an NDA.

    While there are risks in partnering with Iranian, North Korean, Russian or Chinese companies, Microsoft also uses the programme to its advantage

    Microsoft is unlikely to remove any Chinese participants despite the possible Exchange leak, according to two people familiar with the MAPP review. But the company could limit how much data it shares with members in China, the people said. A Chinese cybersecurity law requires corporations to provide access to their technology and assist with investigations involving crime and national security.

    If Microsoft were to eliminate MAPP participants in countries not politically aligned with the US, the company would handcuff part of its own intelligence operation. “While there are risks in partnering with Iranian, North Korean, Russian or Chinese companies, Microsoft also uses the programme to its advantage,” said Chester Wisniewski, a principal research scientist at the cybersecurity firm Sophos.

    Realpolitik

    Microsoft president and chief legal officer Brad Smith said in January 2020 that the company generates about 2% of its global sales from China, or about US$2.9-billion that year. The potential to enhance that revenue could motivate the company’s disclosure policies, said Robert Potter, CEO of Internet 2.0, a cybersecurity firm which advises the US and Australian governments.

    “Like all large companies, Microsoft has to balance maintaining market access inside of China and security considerations,” Potter said. “Over time, this balance is getting harder to maintain and this introduces risks to other customers. The pressure is making that decision more binary.”  — Reported by Kartikay Mehrotra, (c) 2021 Bloomberg LP



    Brad Smith Microsoft top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleGoogle’s ad resurgence is just getting started
    Next Article A human-centric approach to protect against cybersecurity threats

    Related Posts

    Major rift opens between Microsoft and OpenAI

    17 June 2025

    The future of database management is hybrid. Are you ready?

    6 June 2025

    How AI is rewriting the rules of software development

    4 June 2025
    Company News

    IoT connectivity management in South Africa – expert insights

    23 June 2025

    Let’s reimagine Joburg using the power of tech, data and AI

    23 June 2025

    Netstar doubles down on global markets while backing SA growth

    23 June 2025
    Opinion

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    AI and the future of ICT distribution

    16 June 2025

    Singapore soared – why can’t we? Lessons South Africa refuses to learn

    13 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.