Security News > 2021 > July > Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k
Microsoft's Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities.
Microsoft Teams is an enterprise communication and collaboration platform that provides workspace one-on-one and group chat, videoconferencing, VoIP, file sharing and storage, and meetings.
Microsoft started its Applications Bounty Program in March 2021, with Microsoft Teams Windows, macOS, and Linux desktop clients as the initial targets for bug hunters.
Microsoft is now looking for reports about vulnerabilities of Critical or Important severity reproducible on a fully patched operating system and the latest version of the corresponding Microsoft Teams mobile application.
Microsoft offers a maximum award of $30,000 for vulnerabilities that allow remote code execution with no user interaction, and $15,000 for those that may allow attackers to obtain authentication credentials for other users - but not through phishing.
"Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program," Lynn Miyashita, Program Manager at Microsoft Security Response Center, added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6jignvKFLwk/
Related news
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)