Microsoft launches bug bounty for Office previews

Microsoft is inviting early adopters to hunt for vulnerabilities in initial builds of its Office productivity suite via a new bounty program.

Under the Microsoft Office Insider Builds on Windows Bounty Program, researchers who find reproducible vulnerabilities in the company's productivity suite can earn up to US$15,000 (A$19,480).

That amount is paid for vulnerabilites that allow for Office Protected View sandbox escapes, and macro execution through bypassing security policies in Word, Excel and Powerpoint.

The discovery of vulnerabilties that bypass the automatic attachment block policies in Outlook reaps rewards of up to US$9,000 (A$11,700) for each flaw.

Researchers must submit a proof of concept for their submitted vulnerabilties, and Microsoft will dock thousands off the payout if the report is of low quality.

The Office Insider bug bounty program will run from today until June 15 US time.

Microsoft's trustworthy computing team said the new program will complement its internal testing. 

The company currently operates seven different bug bounty programs. Of those, the biggest rewards are found in the mitigation bypass program, which solicits entries for novel exploitation techniques for Windows, and the related bounty for defence scheme, which offers up to US$100,000 per flaw.