Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Finding a Microsoft 365 bug is now more lucrative than ever

Image Description

Security researchers and white hat hackers will now be able to earn even more when finding bugs in Microsoft 356, Dynamics 365 and Microsoft’s Power Platform.

In a new blog post, the Microsoft Security Response Center revealed that it is raising the maximum awards for high-impact security flaws reported to the Dynamics 365 and Power Platform Bounty Program as well as the M365 Bounty Program.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Now when a cross-tenant information disclosure bug is found in Dynamics 365 and Power Platform, bug hunters can earn up to $20k. Meanwhile, remote code execution through untrusted input bugs in Microsoft 365 will be worth an additional 30 percent, unauthorized cross-tenant and cross identity sensitive data leakage will be worth an extra 20 percent and “confused deputy” vulnerabilities will worth an additional 15 percent.

These new bounty awards are part of Microsoft’s “continued efforts to partner with the security research community” as part of the software giant’s holistic approach to defending against security threats.

Finding bugs in on-premise Exchange, SharePoint and Skype for Business

In addition to expanding its bug bounty rewards in Microsoft 365, Dynamics 365 and Power Platform, Microsoft also recently added on-premise Exchange, SharePoint and Skype for Business to its Applications and On-Premises Servers Bounty Program.

This expanded bug bounty program makes it possible for security researchers who find and report vulnerabilities that affect on-premises servers to earn rewards ranging from $500 all the way up to $26k. 

It’s worth noting that “higher rewards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission” according to a separate blog post from the Microsoft Security Response Center.

When it comes to the severity multiplier for these kinds of bugs, server-side request forgery bugs are worth an additional 20 percent in both Exchange and Sharepoint.

Security researchers and white hat hackers interested in learning more can find out all the details by visiting Microsoft’s Applications and On-Premises Servers Bounty Program page.

Via BleepingComputer

Date

15 Apr 2022

Sources


Share


Other Blog

  • Nvidia GeForce RTX 3090 outsells all AMD RX 6000 GPUs – is AMD in trouble?

    Despite the Nvidia flagship GPU having an eyewateringly high pricetag, it's outsold every card in AMD's RX 6000 series.

    Read More
  • The best Dell laptops 2020

    Dell is renowned for its well built, generously specced laptops, and these are the best Dell laptops from across its current range.

    Read More
  • Scribd ebook and audiobook subscription service launches in Australia

    Amazon Kindle Unlimited and Audible now have competition from another American ebook platform.

    Read More
  • Adata reveals seriously fast next-gen DDR5 RAM optimized for Intel motherboards

    Hopefully we won’t be waiting too long for these superfast sticks of memory which go up to 64GB in capacity.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us