Microsoft Reportedly Cuts China's Early Access to Bug Disclosures, PoC Exploit Code (theregister.com) 7
An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.
According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet. "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."
Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."
"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."
According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet. "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."
Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."
"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."
In other news... (Score:2)
...Microsoft was previously providing vulnerability information and proof-of-concept exploits for those vulnerabilities in systems and software used by American and allied defense contractors' corporate networks and to utility OT networks to a foreign government before patches were widely deployed among those American and allied countries' networks.
one dickhead ruins it for everyone (Score:1)
yo china: this is why we can't have nice things
go to your fucking room and think about what you've done
Re: (Score:2)
yo china: go to your fucking room and think about what you've done
this exploit affected "tens of thousands" of sharepoint installations, and they guess some of it was chinese because "ttp's aligned" with other attacks (which aligned with ... what?). that's a pretty weak assessment. however ...
"Sixty days to fix really isn't a bad timeline for a bug that stays private and stays under coordinated disclosure rules,"
yes it is. "coordinated disclosure rules" isn't by any means a sensible argument. it's pretty obvious that pointing the finger in any vague direction is a big temptation at this point, and ofc bad china bad is the perfect target. hey, "ttps align!".
now, it's ofc possible that chinese