Security News > 2022 > April > Microsoft ups bug bounties 30% for cloud lines, pays more for 'scenario-based' exploits
Microsoft will pay more - up to $26,000 more - for "High-impact" bugs in its Office 365 products via its bug bounty program.
The new "Scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "The highest potential impact on customer privacy and security," Microsoft said late last week.
Same for finding a vuln that deserializes untrusted data, also leading to potential RCE. Microsoft made a similar move with its Azure bug bounty program in the fall and now pays up to $60,000 for high-impact cloud vulnerabilities.
During Microsoft's April monthly patching bonanza, the software giant addressed more than 100 vulnerabilities including ten critical RCEs.
Teradici, which HP acquired last year, created a PC-over-IP remote desktop protocol, which has more than 15 million endpoints deployed globally, according to HP. These include government agencies, media companies, production studios, and financial institutions - in other words, these bugs could do some serious damage if cybercriminals exploit them before organizations patch the holes.
Security researchers at Plugin Vulnerabilities discovered the bug in the WordPress website builder, which has more than five million installations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/18/in-brief-security/
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft lost some customers’ cloud security logs (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)