Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Finding a Microsoft 365 bug is now more lucrative than ever

Image Description

Security researchers and white hat hackers will now be able to earn even more when finding bugs in Microsoft 356, Dynamics 365 and Microsoft’s Power Platform.

In a new blog post, the Microsoft Security Response Center revealed that it is raising the maximum awards for high-impact security flaws reported to the Dynamics 365 and Power Platform Bounty Program as well as the M365 Bounty Program.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Now when a cross-tenant information disclosure bug is found in Dynamics 365 and Power Platform, bug hunters can earn up to $20k. Meanwhile, remote code execution through untrusted input bugs in Microsoft 365 will be worth an additional 30 percent, unauthorized cross-tenant and cross identity sensitive data leakage will be worth an extra 20 percent and “confused deputy” vulnerabilities will worth an additional 15 percent.

These new bounty awards are part of Microsoft’s “continued efforts to partner with the security research community” as part of the software giant’s holistic approach to defending against security threats.

Finding bugs in on-premise Exchange, SharePoint and Skype for Business

In addition to expanding its bug bounty rewards in Microsoft 365, Dynamics 365 and Power Platform, Microsoft also recently added on-premise Exchange, SharePoint and Skype for Business to its Applications and On-Premises Servers Bounty Program.

This expanded bug bounty program makes it possible for security researchers who find and report vulnerabilities that affect on-premises servers to earn rewards ranging from $500 all the way up to $26k. 

It’s worth noting that “higher rewards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission” according to a separate blog post from the Microsoft Security Response Center.

When it comes to the severity multiplier for these kinds of bugs, server-side request forgery bugs are worth an additional 20 percent in both Exchange and Sharepoint.

Security researchers and white hat hackers interested in learning more can find out all the details by visiting Microsoft’s Applications and On-Premises Servers Bounty Program page.

Via BleepingComputer

Date

15 Apr 2022

Sources


Share


Other Blog

  • Entrepreneurs: Stop dreaming and start making your creative dreams a reality with Squarespace.

    Squarespace is more than just a website builder and web hosting service. From your first page to your first sale to marketing and analytics, Squarespace has the tools to make your creative dreams real.

    Read More
  • Apple's M1 chipset could have some major compatibility issues

    Apple made some bold promises regarding the M1 chip, but people are experiencing crashes and major software issues.

    Read More
  • Firefox 84 dramatically boosts performance on Apple Silicon Macs

    Mozilla's browser now launches faster and web apps are twice as responsive on Macs running Apple Silicon.

    Read More
  • Amazon devices will soon share your internet with the neighbourhood: here's how to switch it off

    If you live in the US, your Amazon device will opt-in to share your Wi-Fi with other devices.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us