Attack on Microsoft Exchange servers may have been caused by a leak from the MAPP

Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft may make changes to the Microsoft Active Protections Program following the recent attack on its Exchange email servers.
  • A report claims that MAPP members may have leaked critical information about vulnerabilities.
  • Microsoft has looked into at least two Chinese companies, according to the report.

Following the most recent attacks on Microsoft Exchange email servers, Microsoft may have to revise how it shares security vulnerabilities. According to Bloomberg, a suspected leak led to the recent attacks on Exchange servers. The suspected leak centers on the Microsoft Active Protections Program (MAPP).

The MAPP has 81 participants that Microsoft shares vulnerabilities with. The program gives these partners early access so they can protect people from attacks. According to sources that spoke with Bloomberg, Microsoft is considering changes to the MAPP. The company fears that MAPP participants may have tipped hackers off about a critical vulnerability around February 18.

Microsoft first released patches for the problem on March 2, so anyone who knew about the vulnerability on or around February 18 would have had an opportunity to take advantage of it before a fix was available.

Microsoft's report is said to focus on at least two Chinese companies. Microsoft declined to comment to Bloomberg on any potential changes to the MAPP and wouldn't share any details about its MAPP disclosures in February or any potential leaks. Microsoft did, however, state that it is still committed to the program and its members in the U.S., Israel, Russia, China, Japan, Australia, India, and parts of Europe.

"We believe there are many benefits to mutual information sharing with the security community to help protect our mutual customers against attacks," Microsoft said in a statement. "We continue to evaluate how to best balance the benefits of this sharing with the risk of early disclosures."

China's Ministry of Foreign Affairs told Bloomberg, "China resolutely opposes any form of online attacks or infiltration. This is our clear and consistent stance. Relevant Chinese laws on data collection and handling clearly safeguard data security and strongly oppose cyber-attacks and other criminal activity."

Two Chinese companies have been removed from the MAPP in the past. Hangzhou DPtech Technologies Co. was removed in 2012 for breaching a non-disclosure agreement, according to Microsoft.

Qihoo 360 Technology Co. was removed last year. According to Bloomberg's sources, the company was removed after being placed on the U.S. Entity List related to export controls.

Potential changes to the MAPP include moving around which members are in the highest tier of the program, changing how much critical intelligence Microsoft shares with companies close to certain countries, and using a watermark to track digital code.

Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.