Microsoft restricts Chinese firms’ access to vulnerability warnings amid SharePoint attacks

Microsoft on Monday tightened access to its Cybersecurity Vulnerability Early Warning program, restricting some Chinese firms from receiving ‘proof of concept code’ that simulates how real malware operates, Reuters reported.

The tighter controls follow last month’s large-scale hacking attempts against Microsoft SharePoint servers, attacks that Microsoft and several security researchers have linked to China.

The breaches reportedly impacted more than 400 organizations, among them government agencies and private companies. Victims included the US National Nuclear Security Administration, the body responsible for overseeing the nation’s nuclear weapons program.

Analysts are divided on whether Microsoft’s decision will strengthen security or create new risks. “It certainly raises a notional wall between Chinese firms and Microsoft, even though it may actually make Western firms feel a little better about their ability to withstand Chinese state-backed attacks against their MS infrastructure, if they suspect that there may be collusion between the Chinese firms and threat actors in that country,” said Rik Turner, chief analyst for cybersecurity at Omdia.

Others are less convinced that restricting Chinese companies will change the balance of power. “Chinese companies have their intel gathering capabilities, along with many other intel feeds globally, so limiting access to intel from Microsoft alone may not change much in their capabilities for the vendors,” said Sunil Varkey, a cybersecurity analyst.

The move also underscores a difficult trade-off for Microsoft and other vendors that run threat intelligence sharing programs. “Sharing complete information with all their customers, trusting them not to misuse it, has proved counterproductive,” said Keith Prabhu, founder and CEO of Confidis. “However, the approach of selective sharing of cybersecurity vulnerabilities will create doubts in the minds of customers about whether crucial information is actually being withheld from them. Enterprises would have to now augment their threat intelligence programs by getting feeds from other sources.”

That tension may already be prompting closer scrutiny from enterprises. Organizations are likely to demand stronger governance and oversight of vendor-managed threat intelligence programs, particularly when there is a risk that participants could misuse sensitive data shared through them, according to Praharsh Srivastava, practice director at Everest Group.

Enterprise operations fallout

Microsoft’s proactive response by revoking access amid suspicions of misuse demonstrates accountability and may restore confidence in the ability of vendors to enforce strict protocol controls, while also prompting questions about the broader ecosystem’s integrity, analysts say. Turner cautioned that long-term effects could extend beyond regional politics, potentially creating blind spots and “windows of vulnerability” for defenders.