After a major hack, Microsoft re-evaluates its global cybersecurity partnerships and closes a critical loophole

(Singapore, 21.08.2025) In a stunning move that’s sending ripples through the global tech community, Microsoft has quietly but decisively curtailed a decade-old practice, limiting how Chinese companies receive critical cybersecurity vulnerability information. This major shift comes on the heels of a massive cyberattack on its SharePoint software, which breached over 400 organizations worldwide, including the highly sensitive U.S. National Nuclear Security Administration.

According to Bloomberg, Microsoft’s Active Protections Program (MAPP) was, for years, a cornerstone of global security cooperation. The program offered a “golden ticket” to select partners—including more than a dozen Chinese firms—by giving them a 24-hour head start on new security patches. This allowed them a sneak peek at vulnerabilities and the chance to deploy protections for their customers before hackers could exploit the flaws. Essentially, it was a race against time, with Microsoft providing its partners a critical advantage.

But what if that head start was being used for something else entirely?

Following the devastating SharePoint attacks, Microsoft launched a full-scale investigation into a potential leak from its MAPP partners. While the tech giant hasn’t commented on the specific findings of its probe, its actions speak volumes. The company is now limiting access for participants in countries where they are legally required to report vulnerabilities to their governments, a policy that directly impacts Chinese firms.

The change is more than a simple tweak; it’s a fundamental restructuring of trust. Instead of receiving “proof of concept” code that shows exactly how a flaw can be exploited, affected MAPP partners will now only get a “more general written description” of the vulnerability. Crucially, this information will only be sent out at the same time the public receives the patch, effectively eliminating the 24-hour advantage. This new policy creates a level playing field, but not for the reasons originally intended.

A History of Suspicion and Leaks

This isn’t the first time the MAPP program has come under scrutiny. Allegations of leaks have plagued the initiative for over a decade. Back in 2012, Microsoft publicly accused Chinese network security company Hangzhou DPtech Technologies Co. of breaching a non-disclosure agreement and exposing a major Windows vulnerability.

The pattern seemed to repeat in 2021 when Microsoft again suspected Chinese MAPP partners of leaking information about flaws in its Exchange servers, which led to a global hacking campaign blamed on a Chinese espionage group called Hafnium.

These incidents, coupled with China’s 2021 law mandating that any company or researcher must report a discovered vulnerability to the government within 48 hours, paint a clear picture.

As Dakota Cary, a consultant at US cybersecurity firm SentinelOne, puts it, “It is very clear the Chinese companies in MAPP have to respond to incentives from the government.” He calls Microsoft’s decision a “fantastic change” that makes perfect sense in light of these pressures.

The current geopolitical climate has also amped up the pressure. Eugenio Benincasa, a researcher at ETH Zurich’s Center for Security Studies, noted that while suspicions about MAPP leaks have existed for years, “unprecedented attention on China’s cyber operations right now” likely forced Microsoft’s hand. The decision to act was no longer just about protecting its own network, but about navigating a complex international landscape where technology and national security are inextricably linked.

The End of an Era: Closing the “Transparency Centers”

In another significant development, Microsoft has also for the first time confirmed the closure of its “transparency centers” in China. These facilities, which had operated since at least 2003, were created to allow the Chinese government to review Microsoft’s source code. The goal was to build trust and assure authorities that Microsoft’s technology was free of hidden “backdoors” that could be used for digital surveillance.

According to Microsoft spokesperson David Cuddy, these facilities have been “long retired” and have not been visited since 2019. This revelation is especially notable given a new report alleging that Chinese cyber-espionage organizations were operating from the same sprawling campus in Wuhan as MAPP program members. The report, from a U.S. advocacy group called the Tech Integrity Project, claims these organizations worked out of the National Cybersecurity Center, which houses a division of China’s Ministry of State Security. Cuddy flatly denied that Microsoft ever engaged with the Wuhan center.

In response to the news, a spokesperson for the Chinese embassy in Washington D.C. stated they were unfamiliar with the details of both the MAPP changes and the report about the Wuhan campus. However, they maintained that China “opposes and fights hacking activities” and condemned any “smears and attacks against China under the excuse of cybersecurity issues.”

Ultimately, Microsoft’s moves represent a tectonic shift. What was once a gesture of trust and global collaboration is now being reevaluated through the lens of national security and the harsh reality of ongoing cyber threats.

The company is taking a firmer stance, prioritizing control over vulnerabilities in an effort to protect its technology and its customers from potential misuse. The message is clear: when it comes to critical security information, the rules of engagement have officially changed.
