In a brand new blog post, the Microsoft Safety Response Heart revealed that it’s elevating the utmost awards for high-impact safety flaws reported to the Dynamics 365 and Energy Platform Bounty Program in addition to the M365 Bounty Program.
Now when a cross-tenant info disclosure bug is present in Dynamics 365 and Energy Platform, bug hunters can earn as much as $20k. In the meantime, distant code execution via untrusted enter bugs in Microsoft 365 can be price a further 30 p.c, unauthorized cross-tenant and cross id delicate information leakage can be price an additional 20 p.c and “confused deputy” vulnerabilities will price a further 15 p.c.
These new bounty awards are a part of Microsoft’s “continued efforts to associate with the safety analysis neighborhood” as a part of the software program large’s holistic method to defending towards safety threats.
Discovering bugs in on-premise Change, SharePoint and Skype for Enterprise
Along with increasing its bug bounty rewards in Microsoft 365, Dynamics 365 and Energy Platform, Microsoft additionally lately added on-premise Exchange, SharePoint and Skype for Business to its Functions and On-Premises Servers Bounty Program.
This expanded bug bounty program makes it potential for safety researchers who discover and report vulnerabilities that have an effect on on-premises servers to earn rewards starting from $500 all the way in which as much as $26k.
It’s price noting that “increased rewards are potential, at Microsoft’s sole discretion, primarily based on the severity and affect of the vulnerability and the standard of the submission” in accordance with a separate blog post from the Microsoft Safety Response Heart.
In relation to the severity multiplier for these sorts of bugs, server-side request forgery bugs are price a further 20 p.c in each Change and Sharepoint.
Safety researchers and white hat hackers fascinated by studying extra can discover out all the main points by visiting Microsoft’s Applications and On-Premises Servers Bounty Program page.