Cybersecurity experts and white hat hackers may now earn extra money by discovering defects in Microsoft 365, Dynamics 365, and Microsoft’s Power Platform.
The Microsoft Security Response Center said in a recent article that it is increasing the maximum awards for high-impact security issues reported to the Dynamics 365 and Power Platform Bounty Program, as well as the Microsoft 365 Bounty Program.
Defect hunters may now earn up to $20k for discovering a cross-tenant information exposure bug in Dynamics 365 and Power Platform. Furthermore, remote code execution via untrusted input issues in Microsoft 365 will be valued 30 percent more, unauthorized cross-tenant and cross-identity critical data leakage will be valued 20 percent more, and “confused deputy” flaws will be valued 15 percent more.
These new bounty rewards are part of Microsoft’s “ongoing attempts to cooperate with the cybersecurity research community,” as part of the corporation’s comprehensive approach to guarding against security risks.
In addition to extending its bug bounty awards in Microsoft 365, Dynamics 365, and Power Platform, Microsoft, which is known for products like Microsoft Teams, has added on-premises Exchange, SharePoint, and Skype for Business to its Apps and On-Premises Servers Bounty Program.
This enhanced bug bounty program allows security experts who discover and disclose flaws affecting on-premises servers to win awards ranging from $500 to $26,000.
As per a second blog article from the Microsoft Security Response Center, “greater awards are available, at Microsoft’s absolute discretion, depending on the severity and effect of the bug and the credibility of the submission.”
When it comes to the severity multiplier for these types of vulnerabilities, server-side request forgery issues are worth an extra 20 percent in both Exchange and SharePoint.
Curious security experts and white hat hackers can find out more on Microsoft’s Applications and On-Premises Servers Bounty Program page.
Microsoft also recently released an update that allows IT administrators to set a tenant-wide timeout policy to automatically log out inactive users in Microsoft 365 web applications.