Microsoft Limits Chinese Access to Cybersecurity Flaw Database after Hack
By Ainvest
Thursday, August 21, 2025, 5:56 am ET
Microsoft has scaled back Chinese companies' access to its early warning system for cybersecurity flaws, MAPP, after hackers used details from the program to fuel attacks on Microsoft SharePoint servers in July. The company believes that some Chinese firms in the program were linked to the surge in attacks and will no longer receive proof-of-concept code. This move follows a pattern of leaks from Chinese firms in MAPP, including a 2012 leak and a 2021 global spying campaign. Other major US tech firms, such as Google, have taken different paths in China, with Google leaving the market after a hacking case in 2010 and Apple still relying heavily on China for sales and production.
Microsoft Corp. has restricted Chinese companies' access to its early warning system for cybersecurity flaws, the Microsoft Active Protections Program (MAPP), following a series of attacks that exploited vulnerabilities in its SharePoint software. The company believes that some Chinese firms in the program were involved in the attacks and will no longer provide proof-of-concept code to these participants [1].
The MAPP program is designed to provide security software companies around the world with early details about flaws in Microsoft products, enabling them to update their protections more quickly. However, Microsoft's investigation into the recent attacks suggests that details about the vulnerabilities may have leaked from the program, potentially leading to the hacks [1].
The decision to curtail Chinese companies' access to the program follows a pattern of leaks from Chinese firms in MAPP. In 2012, Microsoft accused Hangzhou DPtech Technologies Co. of breaching a non-disclosure agreement and disclosing information that exposed a major vulnerability in Windows. More recently, in 2021, Microsoft suspected at least two other Chinese MAPP partners of leaking information about vulnerabilities in its Exchange servers, leading to a global hacking campaign [1].
Microsoft's move comes amid growing concerns about cybersecurity cooperation with China. A 2021 law in China mandates that any company or security researcher who identifies a cybersecurity vulnerability must report it within 48 hours to the Ministry of Industry and Information Technology. This requirement has raised concerns about the potential for Chinese firms to use information from MAPP for their own purposes [1].
While Microsoft has taken steps to prevent misuse of the program, the company has also shut down its transparency centers in China, where the government could review the source code of its technology. Microsoft had previously provided access to its source code in China since at least 2003, but it has since retired these facilities [1].
Microsoft's actions are part of a broader trend of US tech firms reassessing their relationships with China. While some firms, like Google, have left the Chinese market after hacking cases, others, like Apple, continue to rely heavily on China for sales and production [1].
References:
[1] https://www.bloomberg.com/news/articles/2025-08-20/microsoft-curbs-early-access-for-chinese-firms-to-cyber-flaws
[2] https://www.businesstimes.com.sg/companies-markets/telcos-media-tech/microsoft-curbs-early-access-chinese-firms-notifications-about-cybersecurity-flaws