Finding a Microsoft 365 bug is now more lucrative than ever
Rewards have been increased for discovering and reporting high-impact bugs
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security researchers and white hat hackers will now be able to earn even more whenfinding bugsinMicrosoft 356, Dynamics 365 andMicrosoft’s Power Platform.
In a newblog post, the Microsoft Security Response Center revealed that it is raising the maximum awards for high-impact security flaws reported to the Dynamics 365 and Power Platform Bounty Program as well as the M365 Bounty Program.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022.Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.
Now when a cross-tenant information disclosure bug is found in Dynamics 365 and Power Platform, bug hunters can earn up to $20k. Meanwhile, remote code execution through untrusted input bugs in Microsoft 365 will be worth an additional 30 percent, unauthorized cross-tenant and cross identity sensitive data leakage will be worth an extra 20 percent and “confused deputy” vulnerabilities will worth an additional 15 percent.
These new bounty awards are part of Microsoft’s “continued efforts to partner with the security research community” as part of the software giant’s holistic approach to defending against security threats.
Finding bugs in on-premise Exchange, SharePoint and Skype for Business
In addition to expanding its bug bounty rewards in Microsoft 365, Dynamics 365 and Power Platform, Microsoft also recently added on-premiseExchange,SharePointandSkype for Businessto its Applications and On-Premises Servers Bounty Program.
This expandedbug bounty programmakes it possible for security researchers who find and report vulnerabilities that affect on-premises servers to earn rewards ranging from $500 all the way up to $26k.
1Password ups maximum bug bounty>Meta is getting serious about its bug bounty program>Building the world’s largest bug bounty platform
It’s worth noting that “higher rewards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission” according to aseparate blog postfrom the Microsoft Security Response Center.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
When it comes to the severity multiplier for these kinds of bugs, server-side request forgery bugs are worth an additional 20 percent in both Exchange and Sharepoint.
Security researchers and white hat hackers interested in learning more can find out all the details by visiting Microsoft’sApplications and On-Premises Servers Bounty Program page.
ViaBleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
We might have our first look at the long-rumored Samsung tri-fold
