Microsoft Tightens Early Warning Access for Chinese Firms

By Chelseasun, Aug 21, 2025, 2:34 p.m. ET

David Cuddy, Microsoft's spokesperson, highlighted that the move particularly targets regions—such as China—where companies are mandated by law to report vulnerabilities to state authorities.

AsianFin -- Microsoft announced Wednesday that it had curtailed access to "proof of concept" (PoC) code for certain Chinese firms participating in its Microsoft Active Protections Program (MAPP), a cybersecurity early warning system that shares vulnerability information with global partners ahead of public disclosure.

This decision follows a wave of SharePoint-focused cyberattacks in June and July targeting Microsoft’s enterprise software. Microsoft first issued vulnerability alerts on June 24, July 3, and July 7—only to face widespread exploitation attempts soon after, raising concerns that the MAPP-based collaborative system may have been compromised.

Security analysts speculated that a rogue partner within MAPP could have misused the privileged data, prompting Microsoft to tighten access controls.

Under the new policy, affected Chinese participants will no longer receive PoC code, which simulates malware behavior—essential for timely defensive measures but potentially dangerous if misappropriated. Instead, they will be provided with a general written description of vulnerabilities, aligned with the release of official patches.

SentinelOne consultant Dakota Cary called the decision a “fantastic change,” contending that Chinese firms in MAPP may face governmental pressure that could threaten data confidentiality.

Other analysts caution that curbed information sharing might create “blind spots” in global cybersecurity. Rik Turner of Omdia noted that while restrictions may reassure Western customers wary of potential collusion, they could also weaken the broader ecosystem by limiting collective defenses (CSO Online). Keith Prabhu, CEO of Confidis, echoed this concern, suggesting that selective sharing may foster distrust and hinder comprehensive threat intelligence (CSO Online).

This is not the first time Microsoft has faced scrutiny over Chinese access to sensitive data. As early as 2012, Microsoft accused Hangzhou DPtech of breaching its non-disclosure agreement, exposing a major Windows vulnerability. In 2021, two additional Chinese MAPP partners were suspected of leaking information linked to the global Exchange server attacks attributed to the Hafnium espionage group.

Microsoft emphasized a robust process for monitoring and removing partners who violate contractual rules, including the prohibition of cyber offense. The company stated: “We continuously review participants and suspend or remove them if we find they violated their contract with us,” while stopping short of identifying the companies affected or detailing its investigation into the SharePoint breach.
