Security News > 2021 > March > Microsoft offers rewards for security bugs in Microsoft Teams
Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.
Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.
Like other videoconferencing and communication solutions, Microsoft Teams received a considerable boost with the advent of the Covid-19 outbreak, fueled by companies' need to keep in touch with their employees working from home.
For the time being, only the Microsoft Teams desktop client for Windows, macOS, and Linux is in-scope.
XSS or other code injection resulting in ability to execute arbitrary scripts in the context of teams.
Depending on their severity and the quality of the report, the rewards can be as much as $15,000 or as little as $500. "Submissions identifying vulnerabilities that reproduce only in online services will be reviewed under the Online Services Bounty Program. For eligible bounty targets and awards for research in other Office products, please see the Office Insider Bounty Program. All submissions are reviewed for bounty eligibility, so don't worry if you aren't sure where your submission fits. We will route your report to the right program," the company added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NW1h4GcPdoA/
Related news
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Fleet: Open-source platform for IT and security teams (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)