Microsoft will change its Active Protections Program (MAPP) due to attacks on Exchange
Microsoft is allegedly considering making changes to its Active Protections Program, a tool for communication on threats and vulnerabilities. According to the company, this program could become a key factor in the massive attacks on Exchange servers in March this year.
The Microsoft Active Protections Program (MAPP) is a program for software vendors and partners that gives them early access to data on vulnerabilities and other threats before it is published. The MAPP, which has 81 member organizations, aims to ensure that companies can develop strategies and deploy appropriate updates before vulnerabilities become known to the public.
In particular, program participants are provided with a package of documents with all details of vulnerabilities known to Microsoft. It also includes instructions on how to reproduce the vulnerability and how to identify it.
“In some cases, the company also provides PoC exploits and other tools to better understand the vulnerability and develop a fix”, — Microsoft experts inform.
Despite the obvious advantages of MAPP, experts recently criticized the program because, according to an article in the Wall Street Journal, it could have (accidentally or intentionally) leaked an exploit, which was later used in sensational attacks on Exchange servers.
Let me remind you that I reported that 60,000 Organizations Hacked Due to Microsoft Exchange Vulnerability.
Microsoft is considering revising the program and, in particular, the mechanism of how and when it will provide data on vulnerabilities to partners, Bloomberg sources informed.
“The company suspects that MAPP participants could have ‘hinted’ to attackers about the existence of vulnerabilities in Exchange after they learned about them from Microsoft in February 2021. At least two Chinese companies are under investigation”, — Bloomberg sources told.
MAPP establishes different levels of access for participants that determine what information will be transferred and in what time frame (from several weeks to several days).
Potential program changes could include changing the order of participants and their level of access, re-evaluating what Microsoft will share in the future, and adding watermarks to track data transfers and any subsequent leaks.