Finding a Microsoft 365 bug is now more lucrative than ever

Security researchers and hackers will now be able to earn even more by finding bugs in Microsoft 365, Dynamics 365, and Microsoft’s Power Platform.

In a new blog post, the Microsoft Security Response Center revealed that it is increasing the maximum rewards for high-impact security bugs reported to the Dynamics 365 and Power Platform Bounty program as well as the M365 Bounty program.

Now, when a cross-tenant information disclosure bug is detected in Dynamics 365 and Power Platform, bug hunters can earn up to $20,000. Meanwhile, remote code execution through untrusted ingress bugs in Microsoft 365 will be worth an additional 30%, unauthorized cross-tenant and cross-identity data leaks will be worth an additional 20%, and “confused deputy” vulnerabilities will be worth an additional 15%.

The new awards are part of “Microsoft’s ongoing efforts to partner with the security research community” within the software giant’s holistic approach to defending against security threats.

Finding bugs in on-premises Exchange, SharePoint, and Skype for Business

In addition to expanding its bug bounties in Microsoft 365, Dynamics 365, and Power Platform, Microsoft also recently added on-premises Exchange, SharePoint, and Skype for Business to its on-premises application and server bounty program.

This extensive bug bounty program allows security researchers who find and report vulnerabilities that affect on-premises servers to earn rewards ranging from $500 to $26,000.

It should be noted that “higher rewards are possible, at Microsoft’s sole discretion, depending on the severity and impact of the vulnerability and the quality of the submission,” according to a separate Microsoft Security Response Center blog post.

As for the severity multiplier for these types of bugs, server-side request forgery bugs are worth an additional 20% in Exchange and SharePoint.

Security researchers and hackers interested in learning more can find out all the details by visiting Microsoft’s on-premises server and application bounty program page.

Via BleepingComputer
