Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world.
According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Program (MAPP) to figure out if an anti-malware partner in China leaked proof-of-concept code ahead of the availability of security updates.
The MAPP program lets Microsoft share vulnerability data to give anti-malware, intrusion prevention/detection and corporate network security vendors a head-start to add signatures and filters to protect against Microsoft software vulnerabilities.
The program is popular with defenders but it has long been controversial because of there is legitimate risk that data on serious, unpatched vulnerabilities could land in the wrong hands.
[ ALSO SEE: Microsoft Drops Chinese Vendor From MAPP ]
In 2012, Microsoft dropped a Chinese vendor from the program after violations and there is rampant speculation that something similar happened in late February this year ahead of the Exchange Server patches.
The WSJ says Microsoft’s new investigation centers on the question of how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers.
From the WSJ article:
Some of the tools used in the second wave of the attack, which is believed to have begun Feb. 28, bear similarities to “proof-of-concept” attack code that Microsoft distributed to antivirus companies and other security partners Feb. 23, investigators at securi ..
Support the originator by clicking the read the rest link below.
