* Microsoft evaluates partner program security amid leak
concerns
* Program aims to give security vendors a head start against
hackers
July 25 (Reuters) - Microsoft is investigating
whether a leak from its early alert system for cybersecurity
companies allowed Chinese hackers to exploit flaws in its
SharePoint service before they were patched, Bloomberg News
reported on Friday.
A security patch Microsoft released this month failed to fully
fix a critical flaw in the U.S. tech giant's SharePoint server
software, opening the door to a sweeping global cyber espionage
effort.
In a blog post on Tuesday, Microsoft said two allegedly
Chinese hacking groups, dubbed "Linen Typhoon" and "Violet
Typhoon," were exploiting the weaknesses, along with a third,
also based in China.
The tech giant is probing if a leak from the Microsoft
Active Protections Program (MAPP) led to the widespread
exploitation of vulnerabilities in its SharePoint software
globally over the past several days, the report said.
Microsoft said in a statement provided to Reuters that the
company continually evaluates "the efficacy and security of all
of our partner programs and makes the necessary improvements as
needed."
A researcher with Vietnamese cybersecurity firm Viettel
demonstrated the SharePoint vulnerability in May at the Pwn2Own
cybersecurity conference in Berlin. The conference, put on by
cybersecurity company Trend Micro's Zero Day Initiative, rewards
researchers in the pursuit of ethically disclosing software
vulnerabilities.
The researcher, Dinh Ho Anh Khoa, was awarded $100,000 and
Microsoft issued an initial patch for the vulnerability in July,
but members of the MAPP program were notified of the
vulnerabilities on June 24, July 3 and July 7, Dustin Childs,
head of threat awareness for the Zero Day Initiative at Trend
Micro, told Reuters Friday.
Microsoft first observed exploit attempts on July 7, the
company said in the Tuesday blog post.
Childs told Reuters that "the likeliest scenario is that
someone in the MAPP program used that information to create the
exploits."
It's not clear which vendor was responsible, Childs said,
"but since many of the exploit attempts come from China, it
seems reasonable to speculate it was a company in that region."
It would not be the first time that a leak from the MAPP
program led to a security breach. More than a decade ago,
Microsoft accused a Chinese firm, Hangzhou DPTech Technologies
Co., Ltd., of breaching its non-disclosure agreement and
expelled it from the program.
"We recognize that there is the potential for vulnerability
information to be misused," Microsoft said in a 2012 blog post,
around the time that information first leaked from the program.
"In order to limit this as much as possible, we have strong
non-disclosure agreements (NDA) with our partners. Microsoft
takes breaches of its NDAs very seriously."
Any confirmed leak from MAPP would be a blow to the program,
which is meant to give cyber defenders the upper hand against
hackers who race to parse Microsoft updates for clues on how to
develop malicious software that can be used against
still-vulnerable users.
Launched in 2008, MAPP was meant to give trusted security
vendors a head start against the hackers, for example, by
supplying them with detailed technical information and, in some
cases, "proof of concept" software that mimics the operation of
genuine malware.