Microsoft vs. the Great Wall of Leaks: Why China’s Off the Security Guest List
Microsoft has decided to stop sending Chinese companies proof-of-concept exploit codes following SharePoint zero-day attacks. The move is a bid to prevent leaks potentially aiding hackers. Instead, these companies will receive a vague description of vulnerabilities—like getting a recipe for cake without the secret ingredient!
Hot Take:
Microsoft just pulled a classic “better late than never” move by cutting off Chinese companies from getting their hands on juicy proof-of-concept exploit codes. After a SharePoint zero-day party that got a bit too wild, they finally decided to close the vulnerability floodgates. It’s like Microsoft is saying, “You can’t sit with us” to China, at the bug disclosure lunch table. Let’s hope this stops future exploits from running amok like toddlers in a candy store.
Key Points:
- Microsoft halts sharing proof-of-concept exploit code with Chinese companies due to SharePoint zero-day attacks.
- MAPP now limits access to companies in countries that mandate reporting vulnerabilities to governments.
- Over 400 organizations affected by the SharePoint server hijackings.
- Microsoft’s initial patches didn’t fully fix the SharePoint flaws, requiring a second round of patches.
- Trend Micro’s ZDI sees the MAPP changes as a positive step, albeit a delayed one.