Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers

Bug hunters who discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced.
The highest awards will go to those who discover vulnerabilities that have the highest potential impact on customer security.
Authentication bypass allows for unauthenticated exploitation, which results in mass exploitation of vulnerabilities.
Server-Side Request Forgery allows an attacker to make server-side HTTP requests to arbitrary URLs.
Authenticated Server-Side Request Forgery allows an attacker to make authenticated server-side HTTP requests to arbitrary URLs.
More information about in-scope and out-of-scope vulnerabilities is available on the Microsoft Applications and On-Premises Servers Bounty Program page.
In general, technical vulnerabilities are in-scope, and phishing or other social engineering attacks against Microsoft employees are forbidden.
News URL
https://www.helpnetsecurity.com/2022/04/06/bug-on-premises-exchange/