Microsoft 365 Bug Bounty Program Now Offers up to $26K Rewards

Posted on April 19, 2022 by Laurent Giret in Cloud, Microsoft, Office 365, Uncategorized with 1 Comment

Microsoft announced last week that it was increasing rewards for some of its Bug Bounty Programs by up to 30% (via The Register). This is the consequence of the Redmond giant introducing new scenario-based bounty awards for its Microsoft 365 Bounty Program and Dynamics 365 and Power Platform Bounty Program.

“Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions,” the Microsoft Security Response Center team explained. 

One of the scenario-based bounty awards that will get a bonus is the discovery of a remote code execution vulnerability through untrusted input, either via code injection or deserialization of untrusted data. In both cases, Microsoft will grant researchers a 30% bonus on top of the general Microsoft 365 bounty awards.

“These new bounty awards are part of our continued efforts to partner with the security research community as part of Microsoft’s holistic approach to defending against security threats,” Microsoft said. Back in October, Microsoft also announced up to $60,000 awards for its Azure Bounty Program to encourage researchers to discover new vulnerabilities in the company’s cloud computing platform. 

Tagged with ,

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (1)

One response to “Microsoft 365 Bug Bounty Program Now Offers up to $26K Rewards”

  1. hrlngrv

    I may be losing out on $$, but is Excel 365 unable to use LAMBDA function calling XLM functions in .XLSB files but they work in .XLSM files a bug or intended design?

Leave a Reply