Microsoft Cuts PoC Exploits to China After SharePoint Zero-Day Leak Implicates Redmond's Bug Program
Microsoft allegedly halted providing Chinese companies with proof-of-concept (PoC) exploit code for new vulnerabilities. This reported action followed mass exploitation involving SharePoint flaws and appears linked to a leak within Microsoft's internal early-bug-notification program.
The core assertion circulating is that the company stopped sharing this PoC code, specifically via the Microsoft Active Protections Program (MAPP). Users cite the connection between this cutoff and major SharePoint zero-day attacks that occurred in July.
The prevailing view is that Microsoft altered its developer sharing practices for Chinese entities. The narrative points to a clear shift in policy following the exploitation window involving SharePoint and leaked bug disclosure information.
Key Points
#1Microsoft reportedly stopped sharing PoC exploit code with Chinese companies.
This is the core claim driving the discussion, citing a change in the company's practices.
#2The policy change followed zero-day exploitation of SharePoint.
Multiple sources tie the stoppage directly to recent, high-profile security incidents involving SharePoint flaws.
#3The leak originated from Microsoft's internal bug disclosure program.
Commenters like 'Alphane_Moon' specified the incident's root cause within Redmond's early-bug-notification process.
#4The mechanism of code sharing was the MAPP program.
User 'lemmydev2' named the Microsoft Active Protections Program (MAPP) as the source of the alleged cutoff.
Source Discussions (5)
This report was synthesized from the following Lemmy discussions, ranked by community score.