Security News > 2021 > March > Microsoft offers rewards for security bugs in Microsoft Teams

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.

Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.

Like other videoconferencing and communication solutions, Microsoft Teams received a considerable boost with the advent of the Covid-19 outbreak, fueled by companies' need to keep in touch with their employees working from home.

For the time being, only the Microsoft Teams desktop client for Windows, macOS, and Linux is in-scope.

XSS or other code injection resulting in ability to execute arbitrary scripts in the context of teams.

Depending on their severity and the quality of the report, the rewards can be as much as $15,000 or as little as $500. "Submissions identifying vulnerabilities that reproduce only in online services will be reviewed under the Online Services Bounty Program. For eligible bounty targets and awards for research in other Office products, please see the Office Insider Bounty Program. All submissions are reviewed for bounty eligibility, so don't worry if you aren't sure where your submission fits. We will route your report to the right program," the company added.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/NW1h4GcPdoA/