Microsoft Investigates Potential Cybersecurity Breach in Partner Program – What’s Leaking?
Redmond's security ecosystem faces scrutiny as Microsoft launches probe into alleged data leak from its elite cybersecurity partner network.
Behind the digital curtain: Sources whisper about compromised vendor credentials and potential exposure of sensitive client data—just as enterprise security budgets hit record highs (naturally).
The irony? This comes weeks after Microsoft's 'unhackable' Azure Sentinel platform celebrated its 1M-customer milestone. Cue the Wall Street analysts recalculating their 'buy' ratings.
One infosec insider quipped: 'When the guards start stealing keys, maybe it's time to rebuild the vault.' Meanwhile, corporate clients are quietly dusting off their incident response playbooks.
Microsoft probes suspected leak from cybersecurity partner program
The company is now investigating whether details from its MAPP program—shared with partners ahead of public patch releases—may have been leaked, accelerating the spread of these attacks.
Microsoft confirmed that it “continually evaluates the efficacy and security of all of our partner programs and makes the necessary improvements as needed.”
The SharePoint vulnerability first came to light in May when Vietnamese security researcher Dinh Ho Anh Khoa demonstrated it at the Pwn2Own cybersecurity conference in Berlin, organized by Trend Micro’s Zero Day Initiative. Khoa was awarded $100,000, and Microsoft issued an initial patch in July.
However, Dustin Childs, head of threat awareness at Trend Micro, said that MAPP partners had been informed of the vulnerability across three waves—June 24, July 3, and July 7. Coincidentally, Microsoft noted the first exploit attempts began on July 7.
Childs suggested the most likely scenario is that “someone in the MAPP program used that information to create the exploits.” While he didn’t name any vendor, he noted the exploit attempts originated mostly from China, making it “reasonable to speculate” the leak came from a company in that region.
Chinese state-backed hackers exploit unpatched SharePoint vulnerability
This is not the first time Microsoft has dealt with this kind of MAPP-related leak. A decade ago, the firm jettisoned China-headquartered Hangzhou DPTech Technologies Co., Ltd., for violating its nondisclosure agreement. Microsoft admitted at the time that there were risks and understood that vulnerable data could be abused.
The MAPP program, which debuted in 2008, was intended to provide security vendors with advance notice of the technical details of vulnerabilities — and, on occasion, sample proof-of-concept code — so they could better protect their customers. A leaked breach now WOULD fly directly in the face of the program’s mission—empowering defenders, not attackers.
Microsoft has not disclosed whether it has identified the source of the leak, but emphasized that any NDA breach would be taken seriously.
Past breaches resurface as Microsoft reconsiders MAPP program integrity
In 2021, Microsoft suspected at least two other Chinese MAPP partners of leaking information about vulnerabilities in its Exchange servers. This led to a global hacking campaign that Microsoft attributed to a Chinese espionage group called Hafnium. It was one of the firm’s worst breaches ever—tens of thousands of exchange servers were hacked, including at the European Banking Authority and the Norwegian Parliament.
After the 2021 incident, the company considered revising the MAPP program. But it did not disclose whether any changes were ultimately made, or whether any leaks were discovered.
Under a 2021 Chinese law, companies and security researchers must report newly discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours, according to a report by the Atlantic Council. Some Chinese firms still involved in MAPP, such as Beijing CyberKunlun Technology Co Ltd., also participate in the China National Vulnerability Database—run by the Ministry of State Security—raising further concerns about dual reporting obligations.
Eugenio Benincasa, a researcher at ETH Zurich’s Center for Security Studies, points to the lack of transparency in how Chinese companies reconcile Microsoft’s confidentiality rules with state reporting mandates. “We know some of these firms work with security agencies, and China’s vulnerability management is highly centralized,” he said. “This is an area that clearly needs more scrutiny.”
Your crypto news deserves attention - KEY Difference Wire puts you on 250+ top sites
