Microsoft announced on Wednesday that it has restricted some Chinese companies’ access to its cybersecurity early warning system after suspicions emerged linking Beijing to recent hacking campaigns targeting Microsoft SharePoint servers. The move follows a surge of cyberattacks last month that exploited vulnerabilities in SharePoint, raising questions among security experts about whether sensitive information from Microsoft’s own security-sharing network was misused.
The company operates the Microsoft Active Protections Program (MAPP), which provides select security vendors—including firms in China—with early details on software vulnerabilities. This system is designed to allow defenders to prepare protections before flaws are publicly disclosed. However, the timing of recent attacks sparked concerns that details shared through MAPP may have leaked.
According to reports, Microsoft informed MAPP participants about SharePoint vulnerabilities on June 24, July 3, and July 7. On the same day the last advisory was sent, Microsoft said it observed exploitation attempts. That coincidence, experts suggested, raised the possibility that a member of the program might have misused the information.
Beijing has denied any role in the SharePoint hacking campaign. Still, in response to the concerns, Microsoft confirmed that some Chinese partners would no longer receive “proof of concept code,” which demonstrates how vulnerabilities can be exploited. While such code is valuable for defenders racing to patch systems, it can also provide hackers with a roadmap for attacks.
In a statement, Microsoft explained, “We continuously review participants and suspend or remove them if we find they violated their contract with us which includes a prohibition on participating in offensive attacks.” The company also acknowledged the inherent risks in sharing sensitive details with partners, adding, “We are aware that the information we provide can be exploited, which is why we take steps – both known and confidential – to prevent misuse.”
Microsoft declined to disclose specifics about which Chinese companies were affected by the restrictions or provide updates on its ongoing investigation into the hacking incidents.
The decision highlights growing tensions in global cybersecurity cooperation, particularly as governments and corporations weigh the balance between collaboration and the risks of information leakage in sensitive security programs.
