Security News > 2021 > March > Microsoft offers rewards for security bugs in Microsoft Teams
Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.
Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.
Like other videoconferencing and communication solutions, Microsoft Teams received a considerable boost with the advent of the Covid-19 outbreak, fueled by companies' need to keep in touch with their employees working from home.
For the time being, only the Microsoft Teams desktop client for Windows, macOS, and Linux is in-scope.
XSS or other code injection resulting in ability to execute arbitrary scripts in the context of teams.
Depending on their severity and the quality of the report, the rewards can be as much as $15,000 or as little as $500. "Submissions identifying vulnerabilities that reproduce only in online services will be reviewed under the Online Services Bounty Program. For eligible bounty targets and awards for research in other Office products, please see the Office Insider Bounty Program. All submissions are reviewed for bounty eligibility, so don't worry if you aren't sure where your submission fits. We will route your report to the right program," the company added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NW1h4GcPdoA/
Related news
- Microsoft disables BitLocker security fix, advises manual mitigation (source)
- Microsoft launches unified Teams app for personal, work accounts (source)
- Microsoft security tools questioned for treating employees as threats (source)
- Microsoft hosts a security summit but no press, public allowed (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Microsoft overhauls security for publishing Edge extensions (source)
- SOC teams are frustrated with their security tools (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)