Security News > 2022 > April > Microsoft increases awards for high-impact Microsoft 365 bugs
Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs.
With the expansion of these two programs, security researchers reporting Office 365 and Microsoft Account service vulnerabilities can earn up to 30% for eligible scenarios.
"Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security," a Microsoft Security Response Center announcement revealed.
Microsoft added that flaws that aren't considered high impact might still be eligible for bounties under the General Awards program.
"If a reported vulnerability does not qualify for a bounty award under the High Impact Scenarios, it may be eligible for a bounty award under General Awards," the company says.
"Higher awards are possible, at Microsoft's sole discretion, based on the severity and impact of the vulnerability and the quality of the submission."
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- Microsoft 365 users hit by random product deactivation errors (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)