TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Load shedding returns, and may last until Thursday

      16 August 2022

      Jo’burg to issue RFP for 500MW of electricity ‘within weeks’

      16 August 2022

      MTN hires outgoing Icasa CEO Willington Ngwepe into top role

      16 August 2022

      Rain in embarrassing climbdown over Telkom statement

      16 August 2022

      Coal miner Seriti plans R12-billion Mpumalanga wind farm

      16 August 2022
    • World

      Semiconductor boom turns to bust

      16 August 2022

      Tencent plans to offload R400-billion Meituan stake: sources

      16 August 2022

      Ether leaps higher on verge of Merge

      16 August 2022

      Institutions eye crypto but retail investors remain nervous

      15 August 2022

      Tencent woes mount, even after $560-billion selloff

      12 August 2022
    • In-depth

      African unicorn Flutterwave battles fires on multiple fronts

      11 August 2022

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022
    • Podcasts

      Qush on infosec: why prevention is always better than cure

      11 August 2022

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022
    • Opinion

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022
    • Company Hubs
      • 1-grid
      • Africa Data Centres
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»In-depth»Microsoft may revamp bug disclosures after suspected leak

    Microsoft may revamp bug disclosures after suspected leak

    In-depth By Agency Staff28 April 2021
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    Microsoft may revise a programme that shares coding flaws in its products with other companies after a suspected leak led to a sprawling cyberattack against thousands of Microsoft Exchange e-mail clients globally.

    The technology giant is weighing how and when to share data with at least some of the 81 participants in the Microsoft Active Protections Programme (MAPP), according to six people familiar with it including existing members who sought anonymity citing a Microsoft non-disclosure agreement. The others requested anonymity because they aren’t authorised to discuss the matter publicly.

    MAPP grants some customers information about vulnerabilities in Microsoft’s products and services days or weeks ahead of public disclosure. It is widely regarded by participants as a critical data-sharing tool to defend against potential attacks.

    Microsoft fears MAPP participants may have tipped off hackers after the company shared a critical vulnerability with its top tier of members

    However, Microsoft fears MAPP participants may have tipped off hackers after the company shared a critical vulnerability with its top tier of members around 18 February, according to four people familiar with Microsoft’s investigation into the cause of the attack. Microsoft publicly released software updates to patch the problem on 2 March.

    The company’s inquiry has focused on at least two Chinese companies as possible sources of the leak, according to the people familiar with the probe. Four MAPP participants said they’d recently disclosed detailed logs of network activity to Microsoft since the Exchange attack. In some cases, companies volunteered the data unprompted, while in others Microsoft requested additional data. The companies asked to remain anonymous, citing their non-disclosure agreement with Microsoft.

    Chinese hackers

    Microsoft’s vulnerability disclosure in late February was followed by one of the most efficient, wide-ranging cyberattacks in history. Microsoft has blamed state-sponsored Chinese hackers, dubbed Hafnium, for the attack which compromised more than 60 000 government, corporate and private e-mail systems around the world, much of which occurred over the last weekend in February.

    Microsoft declined to comment on potential changes to MAPP, nor would the company discuss its MAPP disclosures in February or possible leaks by participants. The company said it remained committed to the programme and its wide-ranging list of members from the US, Israel, Russia, China, Japan, Australia, India and parts of Europe.

    “We believe there are many benefits to mutual information sharing with the security community to help protect our mutual customers against attacks,” the company said in a statement. “We continue to evaluate how to best balance the benefits of this sharing with the risk of early disclosures.”

    In response to queries, China’s ministry of foreign affairs stated: “China resolutely opposes any form of online attacks or infiltration. This is our clear and consistent stance. Relevant Chinese laws on data collection and handling clearly safeguards data security and strongly oppose cyberattacks and other criminal activity.”

    China has proposed a global security standard that it says is “for the benefit of international digital governance” and urged others to work with it to safeguard global data security. “We hope the media adopts a professional and responsible attitude, relying on comprehensive evidence when determining the nature of cyberspace events, but not groundless speculation,” according to the ministry’s statement.

    Until MAPP was created, both criminal hackers and computer researchers would wait for Microsoft to disclose patches on the second Tuesday of every month, known as “Patch Tuesday”. The two camps would then race to reverse engineer the patches in hopes of identifying the root vulnerability, which attackers could then exploit and defenders would attempt to protect against, according to Microsoft.

    Hangzhou DPtech Technologies was kicked out in 2012 for breaching the non-disclosure agreement

    Patch Tuesday still exists. MAPP was started in 2008 to give some of Microsoft’s biggest customers a head-start against the criminals.

    At least 13 Chinese companies have participated. Two of them have been removed. Hangzhou DPtech Technologies was kicked out in 2012 for breaching its non-disclosure agreement, according to Microsoft. A cybersecurity researcher found that Hangzhou had leaked evidence of a critical vulnerability in a Microsoft product to Chinese hackers.

    Three tiers

    Last year, Qihoo 360 Technology was removed after being the target of US-imposed export controls due to national security concerns, according to three people familiar with the matter. A year earlier, Microsoft named Qihoo 360, Tencent Holdings and Palo Alto Networks as the top contributors to MAPP.

    MAPP is organised into three tiers: entry level, advance notification and validation. Members of the validation group — mostly virus-detection firms — are invited to receive vulnerabilities sometimes weeks ahead of public disclosure. Some of the details shared with MAPP participants are subject to a non-disclosure agreement.

    Microsoft may elect to reshuffle members of the top tier, according to three people familiar with options being considered by the company. The Microsoft Security Response Centre, which runs MAPP, may also simply reassess how much critical intelligence they share with companies considered close to certain nations, including China, according to the people.

    Microsoft president Brad Smith

    Microsoft could also embed a unique test in pieces of its code, known as a watermark, that serve as sort of digital bread crumbs in the event of a leak. It’s unclear if watermarks were used in the data distributed to MAPP participants in February, but Microsoft has previously used them and could reintroduce them in the future, according to one of the people.

    Microsoft requires MAPP participants to share data and vulnerabilities the same way it discloses the bugs in its products. Multiple MAPP participants said that Microsoft’s requests for information have surged in recent years but especially in the months since the Exchange and SolarWinds cyberattacks. In the latter instance, which was publicly disclosed in December, Russian hackers infiltrated at least nine US agencies and 100-private-sector companies after installing malicious code in software updates for Texas-based SolarWinds.

    But there are risks for Microsoft. Many of the companies on the MAPP list are presumed to have at least informal ties with the state security apparatus in their country of domicile, meaning Microsoft’s vulnerability disclosures may be shared with governments with some frequency, said one former MAPP member who asked not to be identified because of an NDA.

    While there are risks in partnering with Iranian, North Korean, Russian or Chinese companies, Microsoft also uses the programme to its advantage

    Microsoft is unlikely to remove any Chinese participants despite the possible Exchange leak, according to two people familiar with the MAPP review. But the company could limit how much data it shares with members in China, the people said. A Chinese cybersecurity law requires corporations to provide access to their technology and assist with investigations involving crime and national security.

    If Microsoft were to eliminate MAPP participants in countries not politically aligned with the US, the company would handcuff part of its own intelligence operation. “While there are risks in partnering with Iranian, North Korean, Russian or Chinese companies, Microsoft also uses the programme to its advantage,” said Chester Wisniewski, a principal research scientist at the cybersecurity firm Sophos.

    Realpolitik

    Microsoft president and chief legal officer Brad Smith said in January 2020 that the company generates about 2% of its global sales from China, or about US$2.9-billion that year. The potential to enhance that revenue could motivate the company’s disclosure policies, said Robert Potter, CEO of Internet 2.0, a cybersecurity firm which advises the US and Australian governments.

    “Like all large companies, Microsoft has to balance maintaining market access inside of China and security considerations,” Potter said. “Over time, this balance is getting harder to maintain and this introduces risks to other customers. The pressure is making that decision more binary.”  — Reported by Kartikay Mehrotra, (c) 2021 Bloomberg LP

    Brad Smith Microsoft top
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleGoogle’s ad resurgence is just getting started
    Next Article A human-centric approach to protect against cybersecurity threats

    Related Posts

    Load shedding returns, and may last until Thursday

    16 August 2022

    Jo’burg to issue RFP for 500MW of electricity ‘within weeks’

    16 August 2022

    MTN hires outgoing Icasa CEO Willington Ngwepe into top role

    16 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    HPE SimpliVity: addressing SMBs’ data conundrums

    16 August 2022

    Digital transformation – don’t get caught unprepared

    16 August 2022

    Seven reasons your business needs IP surveillance cameras

    15 August 2022
    Opinion

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    South Africa can no longer rely on Eskom alone

    4 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.