Exchange Server Exploit Code Leaked By Microsoft’s Chinese Partner?

Microsoft is investigating whether one of its large information-sharing programs was a source of a leak that led to the widespread exploitation of vulnerabilities in its Exchange Servers.

The Wall Street Journal reports that the company is investigating whether an anti-malware partner in China, a member of its Microsoft Active Protections Program (MAPP), leaked proof-of-concept code that Microsoft shared before it patched the vulnerabilities.

As part of MAPP, created in 2008, Microsoft shares data about vulnerabilities in its products with security vendors around the world, giving them a head start on adding patches to their systems ahead of Microsoft's patches. Of about 80 security companies in MAPP, about 10 are based in China.

The program is a great initiative, but there is always a risk that data on unpatched vulnerabilities could end up in the wrong hands.

Such violations happened in 2012, when Microsoft removed a Chinese vendor from the program. There is now heavy speculation that information about the Exchange Server flaws leaked in February this year, before the company released its patches.

The WSJ says Microsoft’s new investigation centers on the question of how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers. 

The researchers in the WSJ article say some of the tools used in the second wave of the attack, which began on Feb. 28, are similar to “proof-of-concept” attack code that Microsoft distributed to MAPP members on Feb. 23.

Microsoft reportedly declined to say whether it sent the code to any Chinese companies.

Following the first wave of attacks, Microsoft rushed to push out patches a week early, on March 2 rather than March 9, according to researchers.

About the author

CIM Team
