Hard News Hard Hitting News Source Global Political News

Microsoft Teams is the first target for new app-focused bug bounty program

Microsoft has launched a bug bounty program for Microsoft 365 applications, with Microsoft Teams’ desktop client the sole in-scope target for now.

Announced yesterday (March 24), the Microsoft Applications Bounty Program will pay out bounty rewards of between $500 and $30,000 for valid security vulnerabilities – a substantially higher ceiling than the $20,000 on offer under its online services counterpart.

Five scenario-based awards ranging between $6,000 and $30,000 are on offer for remote code execution (RCE), authentication credential theft, privilege escalation, and XSS or similar flaws leading to arbitrary code execution with minimal or no user interaction.

Other valid vulnerability reports will attract rewards within the $500 to $15,000 range.

In a related development, valid vulnerability reports for Microsoft Teams are now eligible for a 200% bonus multiplier applied to points earned under the Researcher Recognition Program.

Determined by the bug’s severity and impact, points are accrued for vulnerabilities found on eligible applications and contribute towards Microsoft Security Response Center’s (MSRC) annual Most Valuable Security Researcher roll call.

Security researchers should continue to submit vulnerabilities found in Teams’ web browser application to Microsoft’s Online Services Bounty Program.

365 protection

Microsoft did not specify when other Microsoft 365 desktop clients, such as for OneDrive, Outlook, and PowerPoint, would be brought within scope for the new program.

“Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats,” said MSRC program manager Lynn Miyashita.

“As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely.”

Miyashita added: “Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.”

Microsoft Teams, a videoconferencing and business collaboration platform, reported a 50% surge to 115 million daily active users in the six months after Covid-19 was declared a pandemic.

Source: https://portswigger.net/daily-swig/microsoft-teams-is-the-first-target-for-new-app-focused-bug-bounty-program
