Bug bounty rewards start at $500, go all the way up to $30k

Apr 7, 2022 21:53 GMT

Microsoft has recently announced that three more products have been added to its bug bounty program, namely the on-premises versions of Exchange, SharePoint, and Skype for Business.

As with the other applications and on-premises servers already covered by the program, the rewards start at $500 and go all the way up to $30,000, depending on the discovered vulnerability and the quality of the report.

“Microsoft 365 and Microsoft Office Servers are your productivity solutions across work and life, designed to help you achieve more with innovative Office apps, intelligent cloud services, and world-class security. The Microsoft Applications and On-Premises Servers Bounty Program invites researchers across the globe to identify vulnerabilities in specific Microsoft applications and on-premise servers and share them with our team. Qualified submissions are eligible for bounty rewards from $500 to $30,000 USD,” Microsoft says.

The rewards

Naturally, Microsoft offers the biggest reward for remote code execution flaws. If they are rated critical and submitted to Microsoft with a high-quality report, they can be worth $20,000. An elevation of privilege flaw that is also rated critical and submitted with a high-quality report, on the other hand, is worth $8,000. Microsoft, however, says it could also offer higher rewards, depending on your findings.

“Bounty awards range from $500 up to $30,000 USD. Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgment if their submission leads to a vulnerability fix, and points in our Researcher Recognition Program,” the company says.

Full information on this bug bounty program, including the value of each reward, is available here.