Widespread intrusions compromising vulnerable on-premises Microsoft SharePoint servers are believed by Trend Micro Zero Day Initiative Head of Threat Awareness Dustin Childs to have been facilitated by the exposure of bug details from the Microsoft Active Protections Program, where security vendors were able to obtain advanced access to the flaw earlier this month after being discovered in May, The Register reports.
"The first MAPP drop occurs at what we call r minus 14, which is two weeks ahead of the [Patch Tuesday] release. Then, on July 7, we started to see attacks. July 8, the patches were out and were almost immediately bypassed," said Childs, who noted that more recent vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have not been given any MAPP guidance. Microsoft has not commented on Childs' statement. "As part of our standard process, we'll review this incident, find areas to improve, and apply those improvements broadly," Microsoft added.
"The first MAPP drop occurs at what we call r minus 14, which is two weeks ahead of the [Patch Tuesday] release. Then, on July 7, we started to see attacks. July 8, the patches were out and were almost immediately bypassed," said Childs, who noted that more recent vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have not been given any MAPP guidance. Microsoft has not commented on Childs' statement. "As part of our standard process, we'll review this incident, find areas to improve, and apply those improvements broadly," Microsoft added.
