Skip to main content

Microsoft fears code-sharing program could be the source of Exchange security nightmare

(Image credit: Image Credit: JPstock / Shutterstock)

Microsoft is under the impression that the criminals responsible for the recent and highly devastating Exchange hack were tipped off by one (or more) of its customers. As a result, the company is considering changing the way it communicates with its clients.

In a recent Bloomberg report, it was explained that Microsoft runs a special initiative called the Microsoft Active Protections Program (MAPP), through which it notifies certain customers of the vulnerabilities it discovers a few weeks before disclosing them publicly. 

The group counts 81 members and some of them were notified of the Exchange vulnerability in advance. While Microsoft isn’t pointing any fingers, Bloomberg says the company's investigation is leading towards two Chinese customers. 

Microsoft gave the following statement, emphasizing that no changes to the program have yet been made: “We believe there are many benefits to mutual information sharing with the security community to help protect our mutual customers against attacks. We continue to evaluate how to best balance the benefits of this sharing with the risk of early disclosures.”

Microsoft believes Chinese state-sponsored attackers were behind the Exchange hack, which led to the compromise of more than 60,000 email systems around the world, many of which belonged to the US government.

China has denied all allegations and all claims of being involved in any type of cybercrime:

“China resolutely opposes any form of online attacks or infiltration. This is our clear and consistent stance. Relevant Chinese laws on data collection and handling clearly safeguards data security and strongly oppose cyberattacks and other criminal activity.”

Even though Microsoft has previously removed specific members from the MAPP system, Bloomberg believes this won’t be the case this time, despite the destructive force of the hack. The company could, however, reconsider the type and volume of data shared with Chinese members.