Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers
Bug hunters who discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced.
The highest awards will go to those who discover vulnerabilities that have the highest potential impact on customer security.
Authentication bypass allows for unauthenticated exploitation, which results in mass exploitation of vulnerabilities.
Server-Side Request Forgery allows an attacker to make server-side HTTP requests to arbitrary URLs.
Authenticated Server-Side Request Forgery allows an attacker to make authenticated server-side HTTP requests to arbitrary URLs.
More information about in-scope and out-of-scope vulnerabilities is available on the Microsoft Applications and On-Premises Servers Bounty Program page.
In general, technical vulnerabilities are in-scope, and phishing or other social engineering attacks against Microsoft employees are forbidden.
News URL
https://www.helpnetsecurity.com/2022/04/06/bug-on-premises-exchange/