Microsoft launches bug bounty for Office previews

By

Testers have three months to score up to US$15,000.

Microsoft is inviting early adopters to hunt for vulnerabilities in initial builds of its Office productivity suite via a new bounty program.

Microsoft launches bug bounty for Office previews

Under the Microsoft Office Insider Builds on Windows Bounty Program, researchers who find reproducible vulnerabilities in the company's productivity suite can earn up to US$15,000 (A$19,480).

That amount is paid for vulnerabilites that allow for Office Protected View sandbox escapes, and macro execution through bypassing security policies in Word, Excel and Powerpoint.

The discovery of vulnerabilties that bypass the automatic attachment block policies in Outlook reaps rewards of up to US$9,000 (A$11,700) for each flaw.

Researchers must submit a proof of concept for their submitted vulnerabilties, and Microsoft will dock thousands off the payout if the report is of low quality.

The Office Insider bug bounty program will run from today until June 15 US time.

Microsoft's trustworthy computing team said the new program will complement its internal testing. 

The company currently operates seven different bug bounty programs. Of those, the biggest rewards are found in the mitigation bypass program, which solicits entries for novel exploitation techniques for Windows, and the related bounty for defence scheme, which offers up to US$100,000 per flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?