Microsoft is investigating whether one of its large information-sharing programs was a source of a leak that led to the widespread exploitation of vulnerabilities in its Exchange Servers.
The Wall Street Journal writes that the company is investigating whether a Microsoft Active Protections Program (MAPP) anti-malware partner in China leaked proof-of-concept code that Microsoft shared before it patched the vulnerabilities.
As part of MAPP, created in 2008, Microsoft shares data about vulnerabilities in its products with security vendors around the world, giving them a head start so they can add patches to their systems ahead of Microsoft's own patches. Of about 80 security companies in MAPP, about 10 are based in China.
The program is a great initiative, but there is always a risk that data on unpatched vulnerabilities could end up in the wrong hands.
Such violations happened in 2012, when Microsoft removed a Chinese vendor from the program. There is now intense speculation that a leak about flaws in Exchange Server happened in February this year, before the company released its patches.
The WSJ says Microsoft’s new investigation centers on the question of how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers.
The researchers in the WSJ article say some of the tools used in the second wave of the attack, which began on Feb. 28, are similar to “proof-of-concept” attack code that Microsoft distributed to MAPP members on Feb. 23.
Microsoft reportedly declined to say whether it sent the code to any Chinese companies.
Following the first wave of the attack, Microsoft rushed to push out its patches a week early, on March 2 rather than March 9, according to researchers.