Security News > 2022 > April > Microsoft ups bug bounties 30% for cloud lines, pays more for 'scenario-based' exploits

Microsoft will pay more - up to $26,000 more - for "High-impact" bugs in its Office 365 products via its bug bounty program.

The new "Scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "The highest potential impact on customer privacy and security," Microsoft said late last week.

Same for finding a vuln that deserializes untrusted data, also leading to potential RCE. Microsoft made a similar move with its Azure bug bounty program in the fall and now pays up to $60,000 for high-impact cloud vulnerabilities.

During Microsoft's April monthly patching bonanza, the software giant addressed more than 100 vulnerabilities including ten critical RCEs.

Teradici, which HP acquired last year, created a PC-over-IP remote desktop protocol, which has more than 15 million endpoints deployed globally, according to HP. These include government agencies, media companies, production studios, and financial institutions - in other words, these bugs could do some serious damage if cybercriminals exploit them before organizations patch the holes.

Security researchers at Plugin Vulnerabilities discovered the bug in the WordPress website builder, which has more than five million installations.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/18/in-brief-security/